27 April 2013

Windows Remote Desktop Client vulnerability could allow remote code execution



A  vulnerability in Microsoft Remote Desktop ActiveX Control could upon successful exploitation, allow an attacker to execute code and take control of an affected system.

Detailed Description:

Microsoft has released a security update to address a vulnerability in the Remote Desktop ActiveX control (mstscax.dll). The vulnerability was caused by a memory corruption condition that arises when attempting to access a deleted object in memory. Upon successful exploitation, an attacker could be able to execute code and take control of the affected system.

This issue has been fixed by introducing a modification in the way that Remote Desktop Client handles objects in memory. Users are recommended to install the latest update as a protection measure against possible exploit attempts.

TheHackingAticles.com

 

CVE Reference

CVE-2013-1296

Solution:

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-029)

 

Source: Microsoft Security Bulletin MS13-029

 

ABOUT THE AUTHOR
AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer. Follow 'AbhiShek SinGh' on Facebook , Twitter or Google+ or via Email

Subscribe to stay up to date