Henrik Andersson

**Name of the Vulnerable Software and Affected Versions** rdesktop versions prior to 1.7.0 **Description** The issue is related to a directory traversal vulnerability in the `disk create` function in `disk.c` when disk redirection is enabled. This allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. The vulnerability can lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider disabling disk redirection to minimize the risk of exploitation. Restrict access to the `disk create` function in `disk.c` until a patch is available. Avoid using the `disk create` function when disk redirection is enabled until the issue is resolved.