Vulnerability Details CVE-2009-1929
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.727
EPSS Ranking 98.7%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/56912
- http://secunia.com/advisories/36229
- http://www.securityfocus.com/bid/35973
- http://www.securitytracker.com/id?1022709
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://www.vupen.com/english/advisories/2009/2238
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329
- http://osvdb.org/56912
- http://secunia.com/advisories/36229
- http://www.securityfocus.com/bid/35973
- http://www.securitytracker.com/id?1022709
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://www.vupen.com/english/advisories/2009/2238
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329
Products affected by CVE-2009-1929
-
cpe:2.3:o:microsoft:windows_2003_server:sp2
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-