cbcvebase.
CVE-2019-1181
published 2019-08-14

CVE-2019-1181: A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to…

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

Affected

43 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftmicrosoft_remote_desktop_for_android< publicationpublication
microsoftmicrosoft_remote_desktop_for_ios>= 1.0.0 < publicationpublication
microsoftmicrosoft_remote_desktop_for_mac>= 1.0.0 < publicationpublication
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_version_1507>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1607>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1703>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1709>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1709_for_32-bit_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1803>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1809>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_32-bit_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_arm64-based_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_x64-based_systems>= 10.0.0 < publicationpublication
microsoftwindows_8.1>= 6.3.0 < publicationpublication
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.0 < publicationpublication
microsoftwindows_server_2012_r2>= 6.3.0 < publicationpublication
microsoftwindows_server_2016
microsoftwindows_server_2016