CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 03/14/2011
CVE: CVE-2011-0029
BID: 46678
OSVDB: 71014
The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer.
A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens a Remote Desktop (.rdp) configuration file located in the same network directory as a specially crafted DLL file.
Apply the update referenced in Microsoft Security Bulletin 11-017.
<http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx>
An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.
The target user must open the RDP file located on the specified share.
Windows