CVE-2019-0887

CWE-22 — Path Traversal5 documents5 sources

Severity

8.0HIGH

EPSS

68.5%

top 1.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Remote Desktop Client Microsoft Multiple Microsoft Windows 10 +4 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/remote_desktop_client< 1.2.2691

▶NVDmicrosoft/windowsr2, 1803, 1903+2

▶CVEListV5microsoft/multipleMultiple

▶NVDmicrosoft/windows_106 versions+5

▶NVDmicrosoft/windows_11_21h210.0.22000.376

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v82h-xf3f-qj32: A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses↗2022-05-24

▶

CVEList

CVE-2019-0887: A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses↗2019-07-15

▶

📋Vendor Advisories

Microsoft

Remote Desktop Services Remote Code Execution Vulnerability↗2019-07-09

▶