CVE-2019-1333
published 2019-10-10


Priority P2 · 59 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 14.91% (96.3th percentile)
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

Affected

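72 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| djangoproject | django | >= 3.2 < 3.2.25 | 3.2.25 |
| djangoproject | django | >= 4.2 < 4.2.11 | 4.2.11 |
| djangoproject | django | >= 5.0 < 5.0.3 | 5.0.3 |
| khanacademy | simple-markdown | >= 0 < 0.6.1 | 0.6.1 |
| khanacademy | simple-markdown | >= 0 < 0.5.2 | 0.5.2 |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |
| microsoft | windows | | |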

Detection & IOCs (extracted from sources)

  • Exploitation requires a user to connect to an attacker-controlled RDP server; monitor for outbound RDP connections to unknown/external servers, especially those initiated via social engineering, DNS poisoning, or MitM scenarios.
  • An attacker may compromise a legitimate RDP server and host malicious code on it; monitor legitimate RDP servers for unexpected code execution or new account creation following client connections.
  • Exploitation is rated 'More Likely' for both latest and older software releases; prioritize detection and patching of Windows Remote Desktop Client across all supported Windows versions.
  • The vulnerability is in the Windows Remote Desktop Client (client-side), not the RDP server; exploitation requires the client to initiate a connection to a malicious server — server-side RDP hardening alone is insufficient.
  • No public exploit or active in-the-wild exploitation was confirmed at time of disclosure; however, exploitation was rated as 'More Likely' by Microsoft.

CVSS provenance

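| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| ghsa | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |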