CVE-2011-0029
Last modified
CVE-2011-0029 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability.". EPSS estimates a 7.16% chance of exploitation in the next 30 days.
Description
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Remote Desktop Connection Client | 5.2 | — |
| Microsoft | Remote Desktop Connection Client | 6.0 | — |
| Microsoft | Windows 2003 Server | All versions | Sp2 |
| Microsoft | Windows Server 2003 | All versions | Sp2 |
| Microsoft | Windows Xp | All versions | Sp2 |
| Microsoft | Remote Desktop Connection Client | 7.0 | — |
| Microsoft | Windows 7 | All versions | — |
| Microsoft | Windows Server 2008 | r2 | — |
| Microsoft | Remote Desktop Connection Client | 6.1 | — |
| Microsoft | Windows Server 2008 | All versions | — |
| Microsoft | Windows Vista | All versions | Sp1 |
References
- http://www.us-cert.gov/cas/techalerts/TA11-067A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA11-067A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-0029?
How severe is CVE-2011-0029?
How do I fix CVE-2011-0029?
Are you affected by CVE-2011-0029?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST