Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) |
Informations | |||
---|---|---|---|
Name | MS09-044 | First vendor Publication | 2009-08-11 |
Vendor | Microsoft | Last vendor Modification | 2009-11-04 |
Severity (Vendor) | Critical | Revision | 2.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.1 (November 4, 2009): Added a new known issues entry to the Frequently Asked Questions (FAQ) Related to This Security Update section.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-08-12 | Name : Microsoft Remote Desktop Connection Remote Code Execution Vulnerability (969706) File : nvt/secpod_ms09-044.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56912 | Microsoft Windows Terminal Services Client ActiveX Unspecified Overflow |
56911 | Microsoft Remote Desktop Server (RDS) mstscax.dll Packet Parsing Remote Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-08-13 | IAVM : 2009-A-0071 - Multiple Vulnerabilities in Microsoft Remote Desktop Connection Severity : Category II - VMSKEY : V0019884 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Remote Desktop Client ActiveX clsid access RuleID : 20175 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Remote Desktop Client ActiveX function call unicode access RuleID : 15864 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Remote Desktop Client ActiveX function call access RuleID : 15863 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Remote Desktop Client ActiveX clsid unicode access RuleID : 15862 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Remote Desktop Client ActiveX clsid access RuleID : 15861 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Remote Desktop orderType remote code execution attempt RuleID : 15850 - Revision : 13 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-08-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Remote De... File : macosx_rdesktop.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : It is possible to execute arbitrary code on the remote host. File : smb_nt_ms09-044.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:19 |
|
2014-01-19 21:30:21 |
|
2013-11-11 12:41:12 |
|
2013-05-11 00:49:31 |
|