1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Windows Remote Desktop Client vulnerability could allow remote code execution

Report ID: MS201304002
Date Published: 10 April 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote

Affected Product/Component:

Remote Desktop Connection 6.1 Client
Remote Desktop Connection 7.0 Client


A vulnerability in Microsoft Remote Desktop ActiveX Control could upon successful exploitation, allow an attacker to execute code and take control of an affected system.

Detailed Description

Microsoft has released a security update to address a vulnerability in the Remote Desktop ActiveX control (mstscax.dll). The vulnerability was caused by a memory corruption condition that arises when attempting to access a deleted object in memory. Upon successful exploitation, an attacker could be able to execute code and take control of the affected system.

This issue has been fixed by introducing a modification in the way that Remote Desktop Client handles objects in memory. Users are recommended to install the latest update as a protection measure against possible exploit attempts.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-029)

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.