CVE-2013-1296
Last modified
CVE-2013-1296 is a vulnerability of currently unknown severity. The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability.". EPSS estimates a 20.66% chance of exploitation in the next 30 days.
Description
The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Remote Desktop Connection | 6.1 |
| Microsoft | Remote Desktop Connection | 7.0 |
References
- http://www.us-cert.gov/ncas/alerts/TA13-100AUS Government Resource
- http://www.us-cert.gov/ncas/alerts/TA13-100AUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1296?
How severe is CVE-2013-1296?
How do I fix CVE-2013-1296?
Are you affected by CVE-2013-1296?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST