CVE-2012-0152 — Improper Input Validation in Microsoft Windows Server 2008

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

85.4%

top 0.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedMar 13

Latest updateMay 28

Description

The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-w3mf-3qq9-2rrx: The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a↗2022-05-04

▶

🔍Detection Rules

Suricata

ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set↗2012-03-15

▶

📄Research Papers

arXiv

Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users↗2025-05-28

▶