CVE-2015-0079

2015-03-1110:59:08

CWE-399

[email protected]

web.nvd.nist.gov

microsoft

rdp

windows

remote desktop

denial of service

vulnerability

cve-2015-0079

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka “Remote Desktop Protocol (RDP) Denial of Service Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2