Security
Headlines
HeadlinesLatestCVEs

Tag

#Remote Desktop Client

CVE-2024-43599: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

Microsoft Security Response Center
#vulnerability#mac#rce#Remote Desktop Client#Security Vulnerability
CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

CVE-2024-21307: Remote Desktop Client Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

CVE-2023-29352: Windows Remote Desktop Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-29352: Windows Remote Desktop Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince the user to open said file.

CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

CVE-2023-24905: Remote Desktop Client Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince the user to open said file.

CVE-2022-22017: Remote Desktop Client Remote Code Execution Vulnerability

**How would an attacker exploit this vulnerability?** An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.

CVE-2022-26940: Remote Desktop Protocol Client Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.