Windows : Microsoft Bulletins : Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900273

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)

Zusammenfassung: This host is missing a critical security update according to Microsoft; Bulletin MS11-017.

Beschreibung: Summary:
This host is missing a critical security update according to Microsoft
Bulletin MS11-017.

Vulnerability Insight:
The flaw is caused by the way Windows Remote Desktop Client handles loading
of DLL files. Remote attacker can execute arbitrary code by tricking a user
to open a legitimate Remote Desktop configuration file (.rdp) that
is located in the same network directory as a specially crafted dynamic
link library (DLL) file.

Vulnerability Impact:
Successful exploitation could allow authenticated attackers to execute
arbitrary code with elevated privileges.

Affected Software/OS:
Remote Desktop Connection 5.2 Client

- Windows XP Service Pack 3 and prior

Remote Desktop Connection 6.0/6.1 Client

- Windows XP Service Pack 3

- Windows Vista Service Pack 2 and prior

- Windows Server 2003 Service Pack 2 and prior

- Windows Server 2008 Service Pack 2 and prior

Remote Desktop Connection 7.0 Client

- Windows 7

- Windows XP Service Pack 3 and prior

- Windows Vista Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0029
Cert/CC Advisory: TA11-067A
http://www.us-cert.gov/cas/techalerts/TA11-067A.html
Microsoft Security Bulletin: MS11-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017
http://osvdb.org/71014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480
http://www.securitytracker.com/id?1025172
http://secunia.com/advisories/43628
http://www.vupen.com/english/advisories/2011/0616

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900273
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
Zusammenfassung:	This host is missing a critical security update according to Microsoft; Bulletin MS11-017.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-017. Vulnerability Insight: The flaw is caused by the way Windows Remote Desktop Client handles loading of DLL files. Remote attacker can execute arbitrary code by tricking a user to open a legitimate Remote Desktop configuration file (.rdp) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Vulnerability Impact: Successful exploitation could allow authenticated attackers to execute arbitrary code with elevated privileges. Affected Software/OS: Remote Desktop Connection 5.2 Client - Windows XP Service Pack 3 and prior Remote Desktop Connection 6.0/6.1 Client - Windows XP Service Pack 3 - Windows Vista Service Pack 2 and prior - Windows Server 2003 Service Pack 2 and prior - Windows Server 2008 Service Pack 2 and prior Remote Desktop Connection 7.0 Client - Windows 7 - Windows XP Service Pack 3 and prior - Windows Vista Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0029 Cert/CC Advisory: TA11-067A http://www.us-cert.gov/cas/techalerts/TA11-067A.html Microsoft Security Bulletin: MS11-017 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017 http://osvdb.org/71014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480 http://www.securitytracker.com/id?1025172 http://secunia.com/advisories/43628 http://www.vupen.com/english/advisories/2011/0616
Copyright	Copyright (C) 2011 Greenbone AG