Advisory: Thinfinity Remote Desktop Workstation Directory Traversal
Title: Thinfinity Remote Desktop Workstation Directory Traversal Flaw
Version: Thinfinity Remote Desktop Workstation v.22.214.171.124
Vendor: Cybele Software, Inc
Release Date: 01/04/2015
Thinfinity vulnerability summary
Thinfinity Remote Desktop Workstation was found to be vulnerable to an unauthenticated directory traversal flaw.
Impact of the Thinfinity vulnerability
Exploiting this flaw allows an adversary to gain unrestricted access to system resources on the affected host as the service runs in the context of Local System (by default).
Unaffected Thinfinity Products
- Thinfinity Remote Desktop Workstation v.126.96.36.199 (32-bit and 64-bit) is not affected by this flaw.
- Thinfinity Remote Desktop Workstation v188.8.131.52 (32-bit and 64-bit) is not affected by this flaw.
Affected Thinfinity Products
Confirmed application versions affected:
- Thinfinity Remote Desktop Workstation v.184.108.40.206 (32-bit)
- Thinfinity Remote Desktop Workstation v.220.127.116.11 (64-bit)
Solution to Thinfinity Vulnerability
Upgrade to Thinfinity Remote Desktop Workstation v18.104.22.168
Thinfinity Vulnerability Time Table
29/01/2015: Perspective Risk Report vulnerability to vendor
06/03/2015: Vendor releases fixed version of the application
31/03/2015: Vendor publishes advisory
01/04/2015: Perspective Risk Advisory Published
Thinfinity Vulnerability Credits
Discovered by Matt Byrne, Principal Security Consultant @ Perspective Risk
Security Advisory: PR-20150401
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.