Advisory: Thinfinity Remote Desktop Workstation Directory Traversal

Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.3.0.0.3
Vendor: Cybele Software, Inc
Release Date: 01/04/2015

Thinfinity vulnerability summary

Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.

Impact of the Thinfinity vulnerability

Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host, because the service runs in the context of Local System by default.

Unaffected Thinfinity Products

  • Thinfinity Remote Desktop Workstation v.3.0.0.0 (32-bit and 64-bit) is not affected by this flaw.
  • Thinfinity Remote Desktop Workstation v3.0.0.4 (32-bit and 64-bit) is not affected by this flaw.

Affected Thinfinity Products

Confirmed application versions affected:

  • Thinfinity Remote Desktop Workstation v.3.0.0.3 (32-bit)
  • Thinfinity Remote Desktop Workstation v.3.0.0.3 (64-bit)

Solution to Thinfinity Vulnerability

Upgrade to Thinfinity Remote Desktop Workstation v3.0.0.4

Thinfinity Vulnerability Time Table

29/01/2015: Perspective Risk reports vulnerability to vendor
06/03/2015: Vendor releases fixed version of the application
31/03/2015: Vendor publishes advisory
01/04/2015: Perspective Risk Advisory Published

Thinfinity Vulnerability Credits

Discovered by Matt Byrne, Principal Security Consultant @ Perspective Risk

Thinfinity References

Security Advisory: PR-20150401
CVE-ID: CVE-2015-1429
Vendor: http://cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2

