CVE-2019-1333
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
Published : 2019-10-10 14:15 Updated : 2019-10-11 18:37
CVSS Score
More info
Score 9.3 / 10
A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.
The access conditions are somewhat specialized; the following are examples:
- The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted.
- Some information must be gathered before a successful attack can be launched.
- The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme).
- The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browsers status bar to show a false link, having to be on someones buddy list before sending an IM exploit).
Authentication is not required to exploit the vulnerability.
There is total information disclosure, resulting in all system files being revealed. The attacker is able to read all of the system's data (memory, files, etc.)
There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised. The attacker is able to modify any files on the target system.
There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.
| Vendor | Product | Version | URI |
|---|---|---|---|
| Microsoft | Windows 10 | - | cpe:/o:microsoft:windows_10:- |
| Microsoft | Windows 10 | 1607 | cpe:/o:microsoft:windows_10:1607 |
| Microsoft | Windows 10 | 1703 | cpe:/o:microsoft:windows_10:1703 |
| Microsoft | Windows 10 | 1709 | cpe:/o:microsoft:windows_10:1709 |
| Microsoft | Windows 10 | 1803 | cpe:/o:microsoft:windows_10:1803 |
| Microsoft | Windows 10 | 1809 | cpe:/o:microsoft:windows_10:1809 |
| Microsoft | Windows 10 | 1903 | cpe:/o:microsoft:windows_10:1903 |
| Microsoft | Windows 7 | - | cpe:/o:microsoft:windows_7:-:sp1 |
| Microsoft | Windows 8.1 | - | cpe:/o:microsoft:windows_8.1:- |
| Microsoft | Windows Rt 8.1 | - | cpe:/o:microsoft:windows_rt_8.1:- |
| Microsoft | Windows Server 2008 | - | cpe:/o:microsoft:windows_server_2008:-:sp2 |
| Microsoft | Windows Server 2012 | - | cpe:/o:microsoft:windows_server_2012:- |
| Microsoft | Windows Server 2012 | r2 | cpe:/o:microsoft:windows_server_2012:r2 |
| Microsoft | Windows Server 2016 | - | cpe:/o:microsoft:windows_server_2016:- |
| Microsoft | Windows Server 2016 | 1803 | cpe:/o:microsoft:windows_server_2016:1803 |
| Microsoft | Windows Server 2016 | 1903 | cpe:/o:microsoft:windows_server_2016:1903 |
| Microsoft | Windows Server 2019 | - | cpe:/o:microsoft:windows_server_2019:- |
| Microsoft | Windows Server 2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~itanium~ |
| Microsoft | Windows Server 2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2:sp1:~~~~x64~ |
-
Microsoft (8) Search CVE
-
Windows Server 2016 (3) Search CVE
-
-
-
1803
-
1903
-
-
Windows Server 2012 (2) Search CVE
-
-
-
R2
-
-
Windows 8.1 (1) Search CVE
-
-
-
-
Windows Server 2008 (2) Search CVE
-
-
-
R2
-
-
Windows 7 (1) Search CVE
-
-
-
-
Windows Server 2019 (1) Search CVE
-
-
-
-
Windows 10 (7) Search CVE
-
-
-
1607
-
1703
-
1709
-
1803
-
1809
-
1903
-
-
Windows Rt 8.1 (1) Search CVE
-
-
-
-
Reference
History of changes
| Date | Event | ||
|---|---|---|---|
| 2019-10-11 18:37 |
2 added
2 removed
|
||
| 2019-10-11 15:57 |
19 added
1 changed
|
||
| 2019-10-10 14:19 |
New CVE |