Windows 7/8 and WS2012 RDP Remote Code Execution Exploit 0day

ID 1337DAY-ID-23897
Type zdt
Reporter 0day Today Team
Modified 2015-07-18T00:00:00


The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled. By default, the RDP server service is not enabled on any Windows operating system. Systems that do not have the RDP server service enabled are not at risk. Vulnerability Information A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) (terminal) service handles packets. While the most likely outcome of this vulnerability is denial of the remote desktop (terminal) service (DOS), remote code execution is possible. To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by modifying how the terminal service handles packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

This is private exploit. You can buy it at