Lucene search

[email protected]CVE-2011-0029

HistoryMar 09, 2011 - 11:00 p.m.

CVE-2011-0029

2011-03-0923:00:01

[email protected]

web.nvd.nist.gov

cve-2011-0029

untrusted search path

microsoft remote desktop connection

vulnerability

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.5%

JSON

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka “Remote Desktop Insecure Library Loading Vulnerability.”

Affected configurations

NVD

Node

microsoftremote_desktop_connection_clientMatch5.2

AND

microsoftwindows_xpsp3

Node

microsoftremote_desktop_connection_clientMatch6.0

AND

microsoftwindows_2003_serversp2

microsoftwindows_server_2003sp2

microsoftwindows_xpMatch-sp2x64

Node

microsoftremote_desktop_connection_clientMatch7.0

AND

microsoftwindows_7Match-

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpsp3

Node

microsoftremote_desktop_connection_clientMatch6.1

AND

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpsp3

CPENameOperatorVersion
microsoft:remote_desktop_connection_clientmicrosoft remote desktop connection clienteq5.2

CPE	Name	Operator	Version
microsoft:remote_desktop_connection_client	microsoft remote desktop connection client	eq	5.2

References

osvdb.org/71014

secunia.com/advisories/43628

www.securitytracker.com/id?1025172

www.us-cert.gov/cas/techalerts/TA11-067A.html

www.vupen.com/english/advisories/2011/0616

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2011-0029

openvas2 saint4 mskb1 nvd1 prion1 checkpoint_advisories2 nessus1 cvelist1 securityvulns1