#Windows RDP

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory.

**How would an attacker exploit this vulnerability?** An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents.

**How would an attacker exploit this vulnerability?** An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents.

**What is required to exploit this vulnerability?** An authenticated user might be tricked into connecting to a malicious remote desktop server in which the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) targeting the remote client's drive redirection virtual channel. The end result is a potential for remote code execution on the victims machine.

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

**How would an attacker exploit this vulnerability?** An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents.

*How could an attacker exploit this vulnerability?* In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators.