<< Back
CVE Number Vulnerability Product Severity Date
MS11-017 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062) Windows XP Critical 09-03-2011

Technical Information

Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user opens a legitimate Remote Desktop Configuration (.rdp) file located in the same network folder as a specially crafted library file.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Windows Remote Desktop Client handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Further information on this exploit is available at : MS11-017

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2