SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Windows Remote Desktop Vendors:   Microsoft
Windows Remote Desktop Connection Heap Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022709
SecurityTracker URL:  http://securitytracker.com/id/1022709
CVE Reference:   CVE-2009-1133, CVE-2009-1929   (Links to External Site)
Date:  Aug 11 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0, 5.1, 5.2, 6.0, 6.1
Description:   Two vulnerabilities were reported in Microsoft Remote Desktop Connection. A remote user can execute arbitrary code on the target system.

A remote Remote Desktop Protocol (RDP) server can return specially crafted data to the connected Remote Desktop Connection client to trigger a heap overflow and execute arbitrary code on the target system [CVE-2009-1929]. The code will run with the privileges of the target service.

Wushi of Team509 reported this vulnerability via Zero Day Initiative.

A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the Microsoft Terminal Services Client ActiveX control and trigger a heap overflow to execute arbitrary code on the target user's system [CVE-2009-1133]. The code will run with the privileges of the target service.

Yamata Li reported this vulnerability.

Microsoft Remote Desktop Connection is formerly known as Terminal Services Client.

Remote Desktop Connection Client for Mac 2.0 is also affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4 , RDP Version 5.0:

http://www.microsoft.com/downloads/details.aspx?familyid=027e757d-08d5-4932-b8c4-52ee1be1c864

Windows XP Service Pack 2, RDP Version 5.1:

http://www.microsoft.com/downloads/details.aspx?familyid=2a8830dd-8fb3-4556-a6e7-2c237235357f

Windows XP Service Pack 2, RDP Version 6.0:

http://www.microsoft.com/downloads/details.aspx?familyid=d1f82d76-eeb2-4ff4-9d2c-46882f214719

Windows XP Service Pack 3, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=d1f82d76-eeb2-4ff4-9d2c-46882f214719

Windows XP Professional x64 Edition Service Pack 2, RDP Version 5.2:

http://www.microsoft.com/downloads/details.aspx?familyid=948da99a-44ed-4390-b1b4-7ed3f15a9cda

Windows XP Professional x64 Edition Service Pack 2, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5061615f-fa8f-465f-ac8f-393998b7e91b

Windows Server 2003 Service Pack 2, RDP Version 5.2:

http://www.microsoft.com/downloads/details.aspx?familyid=60c79729-ef01-4630-bd67-ec63e7f8b56b

Windows Server 2003 Service Pack 2, RDP Version 6.0:

http://www.microsoft.com/downloads/details.aspx?familyid=a37a2d8a-a5ce-4f06-bf07-8cafa16e7a59

Windows Server 2003 x64 Edition Service Pack 2, RDP Version 5.2:

http://www.microsoft.com/downloads/details.aspx?familyid=57393588-dc96-4bda-ab1e-ae550961e5d4

Windows Server 2003 x64 Edition Service Pack 2, RDP Version 6.0:

http://www.microsoft.com/downloads/details.aspx?familyid=957c2e01-89a1-4550-aacb-de8ff896d762

Windows Server 2003 with SP2 for Itanium-based Systems, RDP Version 5.2:

http://www.microsoft.com/downloads/details.aspx?familyid=8f88a714-b917-4193-9002-19fa65722028

Windows Vista, RDP Version 6.0:

http://www.microsoft.com/downloads/details.aspx?familyid=cf95a552-f6fd-4e35-815a-d16c015cd3ea

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=cf95a552-f6fd-4e35-815a-d16c015cd3ea

Windows Vista x64 Edition, RDP Version 6.0:

http://www.microsoft.com/downloads/details.aspx?familyid=5e19cef7-2413-4575-9597-c6273a097aad

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=5e19cef7-2413-4575-9597-c6273a097aad

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=71c17a87-710b-434d-9b2a-2f471674915a

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*, RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=f095d2d5-4513-4ae1-96c7-cbcf83304261

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2 , RDP Version 6.1:

http://www.microsoft.com/downloads/details.aspx?familyid=65d0af4e-22a2-4524-a003-2f4858012fa8

Remote Desktop Connection Client for Mac 2.0:

http://www.microsoft.com/downloads/details.aspx?familyid=cd9ec77e-5b07-4332-849f-046611458871

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms09-044.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)
Underlying OS Comments:  2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008; and prior service packs; Mac OS X

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC