Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-053.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user or cause a denial of service condition. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-053

Insight

The flaw is due to an error within Remote Desktop Services when accessing an object in memory after it has been deleted. This can be exploited by sending a sequence of specially crafted RDP packets to the target system.

Affected

Microsoft Windows XP x32 Edition Service Pack 3 and prior

References

http://secunia.com/advisories/50244/
http://support.microsoft.com/kb/2723135
http://technet.microsoft.com/en-us/security/bulletin/ms12-053
http://www.securelist.com/en/advisories/50244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2526
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
Cumulative Security Update for Internet Explorer (961260)
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
IE 5.01 5.5 6.0 Cumulative patch (890923)
Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Take action and discover your vulnerabilities