CVE-2019-8385

Name of the Vulnerable Software and Affected Versions Thomson Reuters Desktop Extensions version 1.9.0.358

Description An issue allows an unauthenticated remote attacker to perform directory traversal and local file inclusion via a .. to port 6677, potentially listing or enumerating sensitive file contents. This could also lead to privilege escalation by accessing the machine's SAM and SYSTEM database files, as well as remote code execution.

Recommendations For Thomson Reuters Desktop Extensions version 1.9.0.358, consider restricting access to port 6677 as a temporary workaround until a patch is available. Avoid using the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe services in sensitive environments until the issue is resolved.