CVE-2020-37074

Remote Desktop Software · Remote Desktop Audit

Remote Desktop Audit 2.3.0.157 is vulnerable to a buffer overflow during the file import process, allowing attackers to execute arbitrary code via a malicious payload file.

Executive summary

A critical buffer overflow in Remote Desktop Audit allows attackers to achieve Remote Code Execution (RCE) by tricking a user into importing a malicious computer list file.

Vulnerability

The "Add Computers Wizard" fails to properly handle large or malformed inputs when importing files. By crafting a malicious file, an attacker can trigger a buffer overflow and bypass Structured Exception Handling (SEH) to execute arbitrary shellcode.

Business impact

With a CVSS score of 9.8, this flaw represents a significant threat to administrative workstations. An attacker can gain full control over the machine used to manage remote desktop connections, potentially compromising the credentials for, and access to, the entire server fleet managed through the software.

Remediation

Immediate Action: Update Remote Desktop Audit to the latest available version and refrain from importing computer lists from untrusted or unknown sources.

Proactive Monitoring: Monitor administrative workstations for unusual process spawning (e.g., cmd.exe or powershell.exe) originating from the Remote Desktop Audit application.

Compensating Controls: Enable advanced exploit protection features like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) at the OS level to mitigate buffer overflow impacts.
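
One way to implement the Proactive Monitoring item above, as an added example that is not part of the original advisory or the vendor's tooling. It goes beyond direct children and flags any cmd.exe or powershell.exe with the application anywhere in its ancestry. The executable name `rda_placeholder.exe`, the event field names and the sample events are assumptions constructed for illustration.

```python
# Added example: flag shells descended from the audited application.
# Events are constructed samples shaped like process-creation telemetry
# (pid, parent pid, image path); they are not real logs.
import ntpath

# Placeholder: substitute the real image name of Remote Desktop Audit as
# installed in your environment (the advisory does not state it).
WATCHED_PARENT = "rda_placeholder.exe"
SHELLS = {"cmd.exe", "powershell.exe"}  # the two named in the advisory

SAMPLE_EVENTS = [  # constructed, including the install path
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\RDA\rda_placeholder.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 500, "ppid": 200, "image": r"C:\Windows\System32\notepad.exe"},
]

def base(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()

def find_suspicious_shells(events, watched=WATCHED_PARENT, shells=SHELLS):
    """Return (shell_pid, ancestry) for shells with the watched app as an ancestor."""
    procs = {}   # pid -> event; a production pipeline must also handle PID reuse
    alerts = []
    for ev in events:            # events are assumed to arrive in creation order
        procs[ev["pid"]] = ev
        if base(ev["image"]) not in shells:
            continue
        chain, seen, ppid = [base(ev["image"])], {ev["pid"]}, ev["ppid"]
        while ppid in procs and ppid not in seen:   # walk up, guarding against loops
            seen.add(ppid)
            parent = procs[ppid]
            chain.append(base(parent["image"]))
            if chain[-1] == watched.lower():
                alerts.append((ev["pid"], " <- ".join(chain)))
                break
            ppid = parent["ppid"]
    return alerts

if __name__ == "__main__":
    for pid, chain in find_suspicious_shells(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

The shell started from explorer.exe (pid 400) and the notepad.exe child are not flagged, which keeps the rule focused on shells that trace back to the import-handling application.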

Exploitation status

Public Exploit Available: false

Analyst recommendation

Apply the software update immediately to resolve the underlying memory handling issue. Furthermore, security awareness training should emphasize the danger of importing configuration files from untrusted sources, as this is a common vector for targeting IT administrators.