Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft RDP client multiple security vulnerabilities
updated since 11.08.2009
Published:12.08.2009
Source:
SecurityVulns ID:10146
Type:client
Threat Level:
7/10
Description:Memory corruption in ActiveX control, memory corruption on server reply processing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Remote Desktop Connection Client for Mac 2.0
CVE:CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability.")
 CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability.")
Original documentdocumentZDI, ZDI-09-057: Microsoft Remote Desktop Client Arbitrary Code Execution Vulnerability (12.08.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) (11.08.2009)
Files:Microsoft Security Bulletin MS09-044 - Critical Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod