CVE-2011-0029 — Microsoft Remote Desktop Connection Client vulnerability

2 documents2 sources

Severity

7.4HIGHNVD

EPSS

34.7%

top 2.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Remote Desktop Connection Client Microsoft Windows Server 2008

Timeline

PublishedMar 9

Latest updateMay 3

Description

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/remote_desktop_connection_client4 versions+3

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-28h2-7xq2-6cjf: Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5↗2022-05-03

▶