8.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.02 Low
EPSS
Percentile
88.7%
Microsoft Terminal Server, when running an application session with the “Start program at logon” and “Override settings from user profile and Client Connection Manager wizard” options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are “a convenience to users” and were not intended to restrict execution of arbitrary code
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:terminal_server | microsoft terminal server | eq | * |