Lucene search

K
cve[email protected]CVE-2011-0029
HistoryMar 09, 2011 - 11:00 p.m.

CVE-2011-0029

2011-03-0923:00:01
web.nvd.nist.gov
26
cve-2011-0029
untrusted search path
microsoft remote desktop connection
vulnerability

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.5%

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka “Remote Desktop Insecure Library Loading Vulnerability.”

Affected configurations

NVD
Node
microsoftremote_desktop_connection_clientMatch5.2
AND
microsoftwindows_xpsp3
Node
microsoftremote_desktop_connection_clientMatch6.0
AND
microsoftwindows_2003_serversp2
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpMatch-sp2x64
Node
microsoftremote_desktop_connection_clientMatch7.0
AND
microsoftwindows_7Match-
OR
microsoftwindows_server_2008Matchr2itanium
OR
microsoftwindows_server_2008Matchr2x64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp3
Node
microsoftremote_desktop_connection_clientMatch6.1
AND
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp3

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.958 High

EPSS

Percentile

99.5%