module
AnyDesk GUI Format String Write
| Disclosed |
|---|
| Jun 16, 2020 |
Disclosed
Jun 16, 2020
Description
The AnyDesk GUI is vulnerable to a remotely exploitable format string vulnerability. By sending a specially
crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
crafted discovery packet, an attacker can corrupt the frontend process when it loads or refreshes. While the
discovery service is always running, the GUI frontend must be started to trigger the vulnerability. On
successful exploitation, code is executed within the context of the user who started the AnyDesk GUI.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.