Windows : Microsoft Bulletins : Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900813

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-044.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-044.

Vulnerability Insight:
- Error exists when processing specific parameters returned by the RDP server,
which could be exploited to cause a heap-based buffer overflow by tricking a
user into connecting to a malicious RDP server.

- An heap-based buffer overflow error in the Remote Desktop Web Connection
ActiveX control when processing malformed parameters, which can be exploited
via specially crafted web page.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code which may
result in heap-based buffer overflow on the affected system.

Affected Software/OS:
- Microsoft Windows 2k Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2k3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1133
Cert/CC Advisory: TA09-223A
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
Microsoft Security Bulletin: MS09-044
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693
http://www.securitytracker.com/id?1022709
http://secunia.com/advisories/36229
http://www.vupen.com/english/advisories/2009/2238
Common Vulnerability Exposure (CVE) ID: CVE-2009-1929
BugTraq ID: 35973
http://www.securityfocus.com/bid/35973
http://osvdb.org/56912
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900813
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-044.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-044. Vulnerability Insight: - Error exists when processing specific parameters returned by the RDP server, which could be exploited to cause a heap-based buffer overflow by tricking a user into connecting to a malicious RDP server. - An heap-based buffer overflow error in the Remote Desktop Web Connection ActiveX control when processing malformed parameters, which can be exploited via specially crafted web page. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code which may result in heap-based buffer overflow on the affected system. Affected Software/OS: - Microsoft Windows 2k Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2k3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1133 Cert/CC Advisory: TA09-223A http://www.us-cert.gov/cas/techalerts/TA09-223A.html Microsoft Security Bulletin: MS09-044 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693 http://www.securitytracker.com/id?1022709 http://secunia.com/advisories/36229 http://www.vupen.com/english/advisories/2009/2238 Common Vulnerability Exposure (CVE) ID: CVE-2009-1929 BugTraq ID: 35973 http://www.securityfocus.com/bid/35973 http://osvdb.org/56912 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329
Copyright	Copyright (C) 2009 Greenbone AG