Lucene search

K
cve[email protected]CVE-2011-0029
HistoryMar 09, 2011 - 11:00 p.m.

CVE-2011-0029

2011-03-0923:00:01
web.nvd.nist.gov
26
cve-2011-0029
untrusted search path
microsoft remote desktop connection
vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.958 High

EPSS

Percentile

99.5%

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka “Remote Desktop Insecure Library Loading Vulnerability.”

Affected configurations

NVD
Node
microsoftremote_desktop_connection_clientMatch5.2
AND
microsoftwindows_xpsp3
Node
microsoftremote_desktop_connection_clientMatch6.0
AND
microsoftwindows_2003_serversp2
OR
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpMatch-sp2x64
Node
microsoftremote_desktop_connection_clientMatch7.0
AND
microsoftwindows_7Match-
OR
microsoftwindows_server_2008Matchr2itanium
OR
microsoftwindows_server_2008Matchr2x64
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp3
Node
microsoftremote_desktop_connection_clientMatch6.1
AND
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008x32
OR
microsoftwindows_server_2008x64
OR
microsoftwindows_server_2008sp2x32
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpsp3

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.958 High

EPSS

Percentile

99.5%