CVE-2013-1296

2013-04-0922:55:01

CWE-94

microsoft

web.nvd.nist.gov

cve-2013-1296

remote desktop

activex control

mstscax.dll

microsoft

remote desktop connection client

rdp

code execution

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.923

Percentile

99.0%

JSON

The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka “RDP ActiveX Control Remote Code Execution Vulnerability.”

Affected configurations

Nvd

Node

microsoftremote_desktop_connectionMatch6.1

microsoftremote_desktop_connectionMatch7.0

VendorProductVersionCPE
microsoftremote_desktop_connection6.1cpe:2.3:a:microsoft:remote_desktop_connection:6.1:*:*:*:*:*:*:*
microsoftremote_desktop_connection7.0cpe:2.3:a:microsoft:remote_desktop_connection:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	remote_desktop_connection	6.1	cpe:2.3:a:microsoft:remote_desktop_connection:6.1:::::::*
microsoft	remote_desktop_connection	7.0	cpe:2.3:a:microsoft:remote_desktop_connection:7.0:::::::*