Remote Desktop Client Remote Code Execution Vulnerability - CVE-2019-0788ID: oval:org.secpod.oval:def:58463 | Date: (C)2019-09-11 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.The update addresses the vulnerability by correcting how the Windows Remote Desktop Client handles connection requests.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 8.1 |