

Vulnerability protection

Windows Remote Desktop Client vulnerability could allow remote code execution


Report ID: MS201304002
Date Published: 10 April 2013

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Remote Desktop Connection 6.1 Client
Remote Desktop Connection 7.0 Client




Summary

A vulnerability in the Microsoft Remote Desktop ActiveX control could, upon successful exploitation, allow an attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability in the Remote Desktop ActiveX control (mstscax.dll). The vulnerability is caused by a memory corruption condition that arises when the control attempts to access a deleted object in memory. Upon successful exploitation, an attacker could execute code and take control of the affected system.

This issue has been fixed by modifying the way that Remote Desktop Client handles objects in memory. Users are advised to install the latest update as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-1296



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-029


