CVE-2019-1333
published 2019-10-10CVE-2019-1333: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote…
PriorityP259high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
14.91%
96.3th percentile
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
Affected
72 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| djangoproject | django | >= 3.2 < 3.2.25 | 3.2.25 |
| djangoproject | django | >= 4.2 < 4.2.11 | 4.2.11 |
| djangoproject | django | >= 5.0 < 5.0.3 | 5.0.3 |
| khanacademy | simple-markdown | >= 0 < 0.6.1 | 0.6.1 |
| khanacademy | simple-markdown | >= 0 < 0.5.2 | 0.5.2 |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation requires a user to connect to an attacker-controlled RDP server; monitor for outbound RDP connections to unknown/external servers, especially those initiated via social engineering, DNS poisoning, or MitM scenarios. ↗
- →An attacker may compromise a legitimate RDP server and host malicious code on it; monitor legitimate RDP servers for unexpected code execution or new account creation following client connections. ↗
- →Exploitation is rated 'More Likely' for both latest and older software releases; prioritize detection and patching of Windows Remote Desktop Client across all supported Windows versions. ↗
- ·The vulnerability is in the Windows Remote Desktop Client (client-side), not the RDP server; exploitation requires the client to initiate a connection to a malicious server — server-side RDP hardening alone is insufficient. ↗
- ·No public exploit or active in-the-wild exploitation was confirmed at time of disclosure; however, exploitation was rated as 'More Likely' by Microsoft. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Regular expression denial-of-service in Django
ghsa·2024-03-15·CVSS 7.5
CVE-2024-27351 [HIGH] CWE-1333 Regular expression denial-of-service in Django
Regular expression denial-of-service in Django
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
GHSA
Regular Expression Denial of Service in simple-markdown
ghsa·2023-02-12
CVE-2019-25102 [HIGH] CWE-1333 Regular Expression Denial of Service in simple-markdown
Regular Expression Denial of Service in simple-markdown
A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The name of the patch is 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability.
GHSA
Regular Expression Denial of Service in simple-markdown
ghsa·2023-02-12
CVE-2019-25103 [HIGH] CWE-1333 Regular Expression Denial of Service in simple-markdown
Regular Expression Denial of Service in simple-markdown
A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.
GHSA
GHSA-83hg-4r84-wrr4: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
ghsa_unreviewed·2022-05-24
CVE-2019-1333 [HIGH] GHSA-83hg-4r84-wrr4: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Clie
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
GHSA
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
ghsa·2022-05-24
CVE-2019-16555 [MEDIUM] CWE-1333 Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process.
GHSA
Regular Expression Denial of Service in System.Text.RegularExpressions
ghsa·2021-08-04·CVSS 7.5
CVE-2019-0820 [HIGH] CWE-1333 Regular Expression Denial of Service in System.Text.RegularExpressions
Regular Expression Denial of Service in System.Text.RegularExpressions
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
GHSA
Regular Expression Denial of Service in remarkable
ghsa·2019-06-06
CVE-2019-12041 [HIGH] CWE-1333 Regular Expression Denial of Service in remarkable
Regular Expression Denial of Service in remarkable
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
Red Hat
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
vendor_redhat·2024-03-04·CVSS 7.5
CVE-2024-27351 [HIGH] CWE-1333 python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words()
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
An inefficient regular expression complexity flaw was found in the Truncator.words function and truncatewords_html filter of Django. This issue may allow an attacker to use a suitably crafted string to cause a denial of service.
Package: ansible-tower (Red Hat Ansible Automation Platform 1.2) - Not affected
Package: python-django (
Red Hat
python-django: Denial-of-service possibility in django.utils.text.Truncator
vendor_redhat·2023-10-04·CVSS 7.5
CVE-2023-43665 [HIGH] CWE-1333 python-django: Denial-of-service possibility in django.utils.text.Truncator
python-django: Denial-of-service possibility in django.utils.text.Truncator
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given cert
Microsoft
Remote Desktop Client Remote Code Execution Vulnerability
vendor_msrc·2019-10-08·CVSS 7.5
CVE-2019-1333 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker
No detection rules found.
No public exploits indexed.
Trendmicro
Short October Patch Tuesday: 9 Critical Fixes Featured
blogs_trendmicro·2019-10-09·CVSS 8.8
[HIGH] Short October Patch Tuesday: 9 Critical Fixes Featured
Exploits & Vulnerabilities
# Short October Patch Tuesday: 9 Critical Fixes Featured
This month's update includes only 59 fixes, but addresses significant issues. The nine Critical items were for various IE and Edge flaws, and one for a Remote Desktop Client gap. The rest of the 50 were ranked important, including server concerns.
By: Trend Micro
2019/10/09
Read time: ( words)
Save to Folio
October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability
Trendmicro
Short October Patch Tuesday: 9 Critical Fixes Featured
blogs_trendmicro·2019-10-09·CVSS 8.8
[HIGH] Short October Patch Tuesday: 9 Critical Fixes Featured
# Short October Patch Tuesday: 9 Critical Fixes Featured
This month's update includes only 59 fixes, but addresses significant issues. The nine Critical items were for various IE and Edge flaws, and one for a Remote Desktop Client gap. The rest of the 50 were ranked important, including server concerns.
By: Trend Micro
Oct 09, 2019
Read time: ( words)
Save to Folio
October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability. The Important bulletins
Qualys
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
blogs_qualys·2019-10-08·CVSS 7.8
[HIGH] October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
## Workstation Patches
Scripting Engine, Browser, and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## Azure App Service RCE
A Remote Code Execution
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.
CVE-2019-1333 is a client-side remote execution vulne
Tenable
Microsoft's October 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-10-08
Microsoft's October 2019 Patch Tuesday: Tenable Roundup
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
October 2019 Patch Tuesday - 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting | Qualys
blogs_qualys·2019-10-08·CVSS 7.8
[HIGH] October 2019 Patch Tuesday - 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting | Qualys
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
### Workstation Patches
Scripting Engine, Browser, and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
### Azure App Service RCE
A Remote Code Executi
Fortinet
October Patch Tuesday
blogs_fortinet·2019-10-08·CVSS 8.8
[HIGH] October Patch Tuesday
FORTIGUARD LABS THREAT RESEARCH
October Patch Tuesday
By Jeannette Jarvis | October 08, 2019
October Patch Tuesday brought a myriad of updates from a variety of vendors. Here we highlight the critical vulnerabilities released by Microsoft, but also touch on updates from Apple and Google as well. There were no updates from Adobe at the time of this posting. Get Patching!
Patch Overview
Microsoft
Today, Microsoft released security updates fixing 59 security vulnerabilities. Nine of these patches have a critical severity level, and the rest are rated as important. None of the vulnerabilities patched this month were publicly disclosed before Patch Tuesday, nor are any known to have been publicly exploited at this time. Regardless, users are advised to install these security updates as soon
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed nine critical vulnerabilities this month, eight of
2019-10-10
Published