ID CVE-2019-0708
Summary A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-06-2021 - 18:15)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm
misc
Last major update 03-06-2021 - 18:15
Published 16-05-2019 - 19:29
Last modified 03-06-2021 - 18:15
Back to Top