CVSS: 9.3EPSS: 93%CPEs: 2EXPL: 0CVE-2013-1296 – Microsoft Internet Explorer RDP ActiveX Control Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1296
09 Apr 2013 — The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability." El Remote Desktop ActiveX control en mstscax.dll en Microsoft R... • http://www.us-cert.gov/ncas/alerts/TA13-100A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 95%CPEs: 23EXPL: 0CVE-2011-0029
https://notcve.org/view.php?id=CVE-2011-0029
09 Mar 2011 — Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en la conexión de Escritorio Remoto de Microsoft 5.2, 6.0, 6.1 y 7.0 permite a usuarios locales escalar privilegios a través de una DLL tr... • http://osvdb.org/71014 •