<< Back
CVE Number Vulnerability Product Severity Date
MS12-053 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) Windows XP Critical 15-08-2012

Technical Information

Brief overview of the risk:
The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that the Remote Desktop Protocol accesses an object in memory after it has been deleted. An attacker who successfully exploited this vulnerability could run arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on this exploit is available at : MS12-053

Affected Software

Windows XP Service Pack 3