Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Microsoft
  • Windows Xp
  • Windows 2003 Server
  • Windows Server 2008
  • Windows Vista

Configuration 1 [-]

OR cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/56912
http://secunia.com/advisories/36229 Vendor Advisory
http://www.securityfocus.com/bid/35973 Patch
http://www.securitytracker.com/id?1022709
http://www.us-cert.gov/cas/techalerts/TA09-223A.html US Government Resource
http://www.vupen.com/english/advisories/2009/2238 Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2009-08-12T17:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2009-06-04T00:00:00

Link: CVE-2009-1929

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-08-12T17:30:00.703

Modified: 2023-12-07T18:38:56.693

Link: CVE-2009-1929

JSON object: View

cve-icon Redhat Information

No data.

CWE