CVE-2020-0765
https://notcve.org/view.php?id=CVE-2020-0765
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0765 •
CVE-2013-1296 – Microsoft Internet Explorer RDP ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1296
The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Remote Desktop ActiveX control. By manipulating TransportSettings or AdvancedSettings, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16598 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-0029
https://notcve.org/view.php?id=CVE-2011-0029
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." • http://osvdb.org/71014 http://secunia.com/advisories/43628 http://www.securitytracker.com/id?1025172 http://www.us-cert.gov/cas/techalerts/TA11-067A.html http://www.vupen.com/english/advisories/2011/0616 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480 •
CVE-2005-1794
https://notcve.org/view.php?id=CVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. • http://secunia.com/advisories/15605 http://www.oxid.it/downloads/rdp-gbu.pdf http://www.securityfocus.com/bid/13818 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441 •
CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt http://secunia.com/advisories/15393 http://secunia.com/advisories/15417 http://secunia.com/advisories/18222 http://secunia.com/advisories/18662 http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml http:/& •