London: 020 0200 8142
Leeds: 0113 880 0722 Northampton: 01604 882 882

Advisory: Thinfinity Remote Desktop Workstation Directory Traversal

cybele_23

Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.3.0.0.3
Vendor: Cybele Software, Inc
Release Date: 01/04/2015

Thinfinity vulnerability summary

Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.

Impact of the Thinfinity vulnerability

Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host as the service runs in the context of Local System (by default).

Unaffected Thinfinity Products

  • Thinfinity Remote Desktop Workstation v.3.0.0.0 (32-bit and 64-bit) is not affected by this flaw.
  • Thinfinity Remote Desktop Workstation v3.0.0.4 (32-bit and 64-bit) is not affected by this flaw.

Affected Thinfinity Products

Confirmed application versions affected:

  • Thinfinity Remote Desktop Workstation v.3.0.0.3 (32-bit)
  • Thinfinity Remote Desktop Workstation v.3.0.0.3 (64-bit)

Solution to Thinfinity Vulnerability

Upgrade to Thinfinity Remote Desktop Workstation v3.0.0.4

Thinfinity Vulnerability Time Table

29/01/2015: Perspective Risk Report vulnerability to vendor
06/03/2015: Vendor releases fixed version of the application
31/03/2015: Vendor publishes advisory
01/04/2015: Perspective Risk Advisory Published

Thinfinity Vulnerability Credits

Discovered by Matt Byrne, Principal Security Consultant @ Perspective Risk

Thinfinity References

Security Advisory: PR-20150401
CVE-ID: CVE-2015-1429
Vendor: http://cybelesoft.com/blog/index.php/cybele-software-inc-security-bulletin-2

We are Perspective Risk

  • Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.

    Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.

    Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.

  • Call Me

    Pop your details in below and we’ll be in touch soon!

    • This field is for validation purposes and should be left unchanged.

    ×
    Get Quote
    • This field is for validation purposes and should be left unchanged.
    ×