Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows... (PC1-2009-2099)

Overview:
A heap-based buffer overflow vulnerability was discovered in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3.
Vulnerable: Windows XP
Remote Access
Unknown patch availability
Patch implementation unknown

References to Advisories, Solutions, and Tools

Release date: 2009-08-12
Description:

This vulnerability allows attackers to execute arbitrary code through unidentified parameters to unspecified methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."

Impact:

This vulnerability allows an attacker to gain administrator access. It also allows full confidentiality, integrity, and availability violation. Moreover, it allows disclosure of information and disruption of service without any authorization.

References: http://www.microsoft.com/technet/security/Bulletin/MS09-044.mspx

Impact

CVSS Severity

CVSS Version 2 Metrics:

CVSS v2 Base Score: 9.3 (HIGH)
Impact Subscore: 10.0
Exploitability Subscore: 8.6
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Provides administrator access; Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
