CVE-2019-25741
Mobatek · MobaXterm
Mobatek MobaXterm 12.1 contains a buffer overflow vulnerability in the username field of session files, allowing remote attackers to execute arbitrary code with user privileges.
Executive summary
A structured exception handler (SEH)-based buffer overflow in Mobatek MobaXterm allows remote code execution when a malicious session file is imported and opened.
Vulnerability
This is a buffer overflow vulnerability triggered through the username field of a MobaXterm session file. When a user is tricked into importing and opening a crafted session file, the over-long username overwrites a structured exception handler record, so the exception the application subsequently raises transfers control to attacker-controlled code.
Business impact
With a CVSS score of 9.8, this flaw poses a significant risk to workstations and corporate networks. A successful exploit allows an attacker to execute arbitrary code with the privileges of the logged-in user, potentially leading to full workstation compromise and lateral movement within the internal network.
Remediation
Immediate Action: Update Mobatek MobaXterm to the latest version provided by the vendor to remediate the buffer overflow vulnerability.
Proactive Monitoring: Monitor workstations for suspicious child processes spawned by MobaXterm, such as command shells (cmd.exe, powershell.exe) or unauthorized network connections.
Compensating Controls: Enforce strict application control policies so that session files from unknown or unverified sources cannot be imported or opened.
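The Proactive Monitoring item above can be turned into a concrete detection. The following is an added example, not code from the advisory or from Mobatek: it scans process-creation telemetry for command shells whose direct parent is MobaXterm. The event field names (Sysmon Event ID 1 style: EventID, Image, ParentImage, CommandLine, User), the install and user paths, and the sample records are all constructed assumptions for the example.

```python
"""Flag command shells spawned directly by MobaXterm in process-creation telemetry.

Added example for the advisory's monitoring recommendation; not vendor code.
Assumes newline-delimited JSON events with Sysmon-like field names.
"""
import json
from pathlib import PureWindowsPath
from typing import Iterable

PARENT_OF_INTEREST = "mobaxterm.exe"
# Child images the advisory calls out as suspicious when MobaXterm spawns them.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path; works on any host OS."""
    return PureWindowsPath(path).name.lower()


def is_suspicious(event: dict) -> bool:
    """True when a process-creation event shows MobaXterm as the direct parent
    of a command shell or PowerShell process (case-insensitive match)."""
    if event.get("EventID") != 1:
        return False
    return (basename(event.get("ParentImage", "")) == PARENT_OF_INTEREST
            and basename(event.get("Image", "")) in SUSPICIOUS_CHILDREN)


def find_suspicious(lines: Iterable[str]) -> list:
    """Parse JSON event lines and return one alert record per hit.
    Malformed lines are skipped so one bad record does not abort the scan."""
    alerts = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if is_suspicious(event):
            alerts.append({
                "user": event.get("User", "?"),
                "child": basename(event["Image"]),
                "command_line": event.get("CommandLine", ""),
                "rule": "MobaXterm spawned a command shell "
                        "(possible CVE-2019-25741 post-exploitation)",
            })
    return alerts


# Constructed sample telemetry; every path, user and command line is invented.
SAMPLE_LINES = [
    # MobaXterm itself started from Explorer: not a hit.
    json.dumps({"EventID": 1, "User": "CORP\\alice",
                "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Program Files (x86)\\Mobatek\\MobaXterm\\MobaXterm.exe",
                "CommandLine": "MobaXterm.exe"}),
    # A bundled shell launched by MobaXterm (constructed path): not in the list.
    json.dumps({"EventID": 1, "User": "CORP\\alice",
                "ParentImage": "C:\\Program Files (x86)\\Mobatek\\MobaXterm\\MobaXterm.exe",
                "Image": "C:\\Users\\alice\\Documents\\MobaXterm\\slash\\bin\\bash.exe",
                "CommandLine": "bash.exe -l"}),
    # cmd.exe with MobaXterm as parent: hit.
    json.dumps({"EventID": 1, "User": "CORP\\alice",
                "ParentImage": "C:\\Program Files (x86)\\Mobatek\\MobaXterm\\MobaXterm.exe",
                "Image": "C:\\Windows\\System32\\cmd.exe",
                "CommandLine": "cmd.exe /c whoami"}),
    # PowerShell with MobaXterm as parent (mixed case on purpose): hit.
    json.dumps({"EventID": 1, "User": "CORP\\alice",
                "ParentImage": "C:\\PROGRAM FILES (X86)\\MOBATEK\\MOBAXTERM\\MOBAXTERM.EXE",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell.exe -NoProfile -Command Get-Process"}),
    # PowerShell started by Explorer: wrong parent, not a hit.
    json.dumps({"EventID": 1, "User": "CORP\\bob",
                "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell.exe"}),
    # A network-connection event (EventID 3) is ignored by this rule.
    json.dumps({"EventID": 3, "User": "CORP\\alice",
                "Image": "C:\\Program Files (x86)\\Mobatek\\MobaXterm\\MobaXterm.exe",
                "DestinationPort": 22}),
    "this line is not JSON and is skipped",
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LINES):
        print(alert)
```

Expect tuning before deploying: MobaXterm offers local shell session types, so a user who deliberately opens a CMD or PowerShell tab produces the same parent-child pair. Correlating the hit with a session file recently imported from a download or mail attachment, or with an unusual child command line, separates that baseline from the exploitation path the advisory describes.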
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Users of MobaXterm should update their installations immediately. Organizations should exercise caution when handling session files from external or untrusted parties to mitigate the risk of this remote code execution vector.