9.3

CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftRemote Desktop Connection Client Version5.2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows Xp Version- Updatesp2 Editionx64
MicrosoftRemote Desktop Connection Client Version7.0
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows 7 Version-
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows Server 2008 Versionr2 Editionitanium
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows Server 2008 Versionr2 Editionx64
   MicrosoftWindows Vista Updatesp1
   MicrosoftWindows Vista Updatesp2
   MicrosoftWindows Xp Updatesp3
MicrosoftWindows Server 2008 Editionitanium
MicrosoftWindows Server 2008 Updatesp2 Editionx32
MicrosoftWindows Server 2008 Updatesp2 Editionx64
MicrosoftWindows Server 2008 Version- Updatesp2 Editionitanium
MicrosoftWindows Vista Updatesp1
MicrosoftWindows Vista Updatesp2
MicrosoftWindows Xp Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.16% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 1.4 5.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA11-067A.html
US Government Resource
http://osvdb.org/71014
http://secunia.com/advisories/43628
http://www.securitytracker.com/id?1025172
http://www.vupen.com/english/advisories/2011/0616
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480