Thinfinity Solutions

Security Bulletin about Thinfinity Remote Desktop Workstation vulnerability

Summary

Thinfinity Remote Desktop Workstation v3.0.0.3 includes the following vulnerability:

A generic directory traversal flaw was found. Testing of both Thinfinity Remote Desktop Workstation version 3.0.0.0 and version 3.0.0.3 showed that the flaw is present only in the later version.

Successful exploitation of this vulnerability could allow a file to be downloaded from the remote Windows host (via the default port 8081, or whichever other port the product is configured to use). The flaw was present whether or not “File Transfer” was enabled, and regardless of the security model in use (None, Digest, or Windows Logon).
Note: This vulnerability does not affect Thinfinity Remote Desktop.

We thank Matt Byrne, from Perspective Risk, for identifying this issue.
 

Software Versions and Fixes

Cybele Software has released a free software update (v3.0.0.4) that addresses this vulnerability. The update is available at the following links:
32-bit: http://www.cybelesoft.com/downloads/Thinfinity_Remote_Desktop_Workstation_Setup_x86.exe
64-bit: http://www.cybelesoft.com/downloads/Thinfinity_Remote_Desktop_Workstation_Setup_x64.exe
Make sure to uninstall the previous version before installing the new one.
 

Security Bulletin: Policy Statement on Information Provided in Patch Updates and Security Alerts

When Cybele Software publishes a Security Bulletin here on our blog, the company intends to provide vulnerability information in a socially responsible way. Cybele Software does not intend to issue vulnerability details that could enable someone to craft an exploit.
As a matter of policy, Cybele Software will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Patch Update or Security Alert notification, the readme files, and FAQs. Cybele Software provides all customers with the same information in order to protect all customers equally. Cybele Software will not provide advance notification or “insider information” on Patch Update or Security Alerts to individual customers.
You can reach us at [email protected] if you have any questions.

Comments (3)

Hi,
Please provide 32-bit version of Remote Desktop Workstation fix v3.0.0.4
Currently both links are 64bit version….. 🙁
Thanks & Regards
Eugen

Thanks for the message, Eugen.
The links are fixed now!
I apologize for the inconvenience.
Regards,
Mauro
