CVE-2012-0002
Published 2012-03-13
Priority P278 · critical · CVSS 2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 73.92% (99.4th percentile)
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for crafted T.125 ConnectMCSPDU packets where the maxChannelIds field (at offset 0x2c) is set to a value less than or equal to 5, targeting RDP port 3389.
- Detect use-after-free exploitation attempts in termdd.sys: watch for invalid memory pointer returns from termdd!IcaGetPreviousSdLink leading to access violations in termdd!IcaBufferAlloc.
- The Metasploit auxiliary scanner module ms12_020_check.rb can be used to non-destructively check hosts for MS12-020 / CVE-2012-0002 exposure.
- The Metasploit DoS module ms12_020_maxchannelids.rb triggers the vulnerability via the maxChannelIDs field in the T.125 ConnectMCSPDU packet, resulting in an invalid pointer dereference.
- On post-Vista Windows versions (Windows 7 and Server 2008), the vulnerability may require 'Allow connections from computers running any version of Remote Desktop' to be enabled, though this may be a limitation of the specific proof-of-concept rather than the vulnerability itself.
- The proof-of-concept uses BER integer values set at 32-bit big endian and may need to be resent multiple times to trigger the condition; it is not optimized.
GHSA
GHSA-fcrc-84gc-hccf: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
ghsa_unreviewed·2022-05-04·CVSS 9.3
CVE-2012-0173 [CRITICAL] CWE-94 GHSA-fcrc-84gc-hccf: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
GHSA
GHSA-5rh5-ff3w-38rh: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
ghsa_unreviewed·2022-05-04
CVE-2012-0002 [HIGH] CWE-94 GHSA-5rh5-ff3w-38rh: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
CISA ICS
Microsoft Remote Desktop Protocol Memory Corruption Vulnerability
cisa_ics·2013-05-01
ICS Advisory
Last Revised: May 01, 2013
Alert Code: ICSA-12-079-01
## Overview
ICS-CERT is aware of a public report of a Remote Desktop Protocol (RDP) vulnerability with proof-of-concept (PoC) exploit code affecting multiple Microsoft Windows operating systems. RDP is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer. In a control system environment, this protocol is typically used for remote access.
Security researcher Luigi Auriemma coordinated the release of thi
VMware
VMware vCenter Chargeback Manager Information Leak and Denial of Service
vendor_vmware·2012-03-08·CVSS 6.4
CVE-2012-1472 [MEDIUM] VMware vCenter Chargeback Manager Information Leak and Denial of Service
VMSA-2012-0002: VMware vCenter Chargeback Manager Information Leak and Denial of Service
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of XML API requests. This vulnerability allows an unauthenticated remote attacker to download files from the CBM server or conduct a denial-of-service against the server.
VMware thanks Joshua Keyes for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1472 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product ============= Product Version ======= Running on ======= Replace with/ Apply Patch ================= VMware Product ============= CBM Product Vers
No detection rules found.
Exploit-DB
Microsoft Terminal Services - Use-After-Free (MS12-020)
exploitdb·2012-03-16
CVE-2012-0002 Microsoft Terminal Services - Use-After-Free (MS12-020)
---
#######################################################################
Luigi Auriemma
Application: Microsoft Terminal Services / Remote Desktop Services
http://www.microsoft.com
http://msdn.microsoft.com/en-us/library/aa383015(v=vs.85).aspx
Versions: any Windows version before 13 Mar 2012
Platforms: Windows
Bug: use after free
Exploitation: remote, versus server
Date: 16 Mar 2012 (found 16 May 2011)
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
Additional references:
http://www.zerodayinitiative.com/advisories/ZDI-12-044/
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
##
Metasploit
MS12-020 Microsoft Remote Desktop Use-After-Free DoS
metasploit
This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw can be found in the way the T.125 ConnectMCSPDU packet is handled in the maxChannelIDs field, which will result in an invalid pointer being used, therefore causing a denial-of-service condition.
Metasploit
MS12-020 Microsoft Remote Desktop Checker
metasploit
This module checks a range of hosts for the MS12-020 vulnerability. This does not cause a DoS on the target.
arXiv
Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users
arxiv_fulltext·2025-05-28
Victor Jüttner
Dept. of Computer Science, Leipzig University
Center for Scalable Data Analytics and Artificial
Intelligence (ScaDS.AI) Dresden/Leipzig, Germany
e-mail: [email protected]
Erik Buchmann
Dept. of Computer Science, Leipzig University
Center for Scalable Data Analytics and Artificial
Intelligence (ScaDS.AI) Dresden/Leipzig, Germany
e-mail: [email protected]
## Abstract
Due to the increasing presence of networked devices in everyday life, not only cybersecurity specialists but also end users benefit from security applications such as firewalls, vulnerability scanners, and intrusion detection systems. Recent approaches use large language models (LLMs) to
arXiv
Security of Medical Cyber-physical Systems: An Empirical Study on Imaging Devices
arxiv_fulltext·2020-01-05
The authors would like to thank the vendors and developers for their help in the research. This research was financially supported by the National Key Research and Development Plan (2018YFB1004101), Key Lab of Information Network Security, Ministry of Public Security (C19614), Special fund on education and teaching reform of Besti (jy201805), the Fundamental Research Funds for the Central Universities(328201910), China Postdoctoral Science Foundation funded project, 2019 Beijing Common Construction Project-Teaching Reform and Innovation Project for Universities in Beijing, Key Laboratory of Network Assessment Technology of Institute of Information Engineering, Chinese Academy of Sciences.
Zhiqiang Wang^1,*,
arXiv
Economic Factors of Vulnerability Trade and Exploitation
arxiv_fulltext·2018-01-03
Luca Allodi
0000-0003-1600-0868
Eindhoven University of Technology
P.O. Box 513, Eindhoven
The Netherlands
5600 MB
[email protected]
CCS '17, October 30-November 3, 2017, Dallas, TX, USA. DOI 10.1145/3133956.3133960. ISBN 978-1-4503-4946-8/17/10
## Abstract
Cybercrime markets support the development and diffusion of new attack technologies, vulnerability exploits, and malware. Whereas the revenue streams of cyber attackers have been studied multiple times in the literature, no quantitative account currently exists on the economics of attack acquisition and deployment. Yet, this understanding is critical to characterize the production of (traded) exploits, the economy that drives it, and its effects on the overall at
Bugzilla
CVE-2012-6098 moodle: Users without the appropriate capability were able to set a custom outcome (MSA-13-0002)
bugzilla·2013-01-23·CVSS 4.0
CVE-2012-6098 [MEDIUM] CVE-2012-6098 moodle: Users without the appropriate capability were able to set a custom outcome (MSA-13-0002)
A security flaw was found in the way Moodle, a course management system, performed capability checks in certain situations. Users without appropriate capability were able to set a custom outcome they had created as a standard site-wide capability when editing that outcome.
References:
[1] http://www.openwall.com/lists/oss-security/2013/01/21/1
Relevant upstream patch:
[2] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619
Discussion:
This issue did NOT affect the versions of the moodle package, as shipped with Fedora release of 16, 17, 18, and Fedora EPEL 6 (moodle package versions for those releases are already updated).
--
This issue affects the v
- http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet/
- http://www.securitytracker.com/id?1026790
- http://www.us-cert.gov/cas/techalerts/TA12-073A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-020
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14623