Microsoft Remote Desktop Connection Insecure Library Injection

Added: 03/14/2011
CVE: CVE-2011-0029
BID: 46678
OSVDB: 71014

Background

The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer.

Problem

A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens a Remote Desktop (.rdp) configuration file located in the same network directory as a specially crafted DLL file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 11-017.

References

http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx

Limitations

An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified.

The target user must open the RDP file located on the specified share.

Platforms

Windows

Back to exploit index