Microsoft Remote Desktop Connection Insecure Library Injection

Added: 03/14/2011
CVE: CVE-2011-0029
BID: 46678
OSVDB: 71014

Background

The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer.

Problem

A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens a Remote Desktop (.rdp) configuration file located in the same network directory as a specially crafted DLL file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 11-017.

References

<http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx&gt;

Limitations

An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.

The target user must open the RDP file located on the specified share.

Platforms

Windows