Oval Definition:	oval:org.mitre.oval:def:5693
Revision Date: 2014-06-30 Version: 47 Title: Remote Desktop Connection Heap Overflow Vulnerability Description: Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-1133 Platform(s): Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Product(s): Definition Synopsis AND Microsoft Windows 2000 SP4 or later is installed AND the version of Mstsc.exe is less than 5.1.2600.3552 OR Microsoft Windows XP (x86) SP2 is installed OR Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mstscax.dll is less than 5.1.2600.3581 OR Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Windows Server 2003 SP2 (x86) is installed OR Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mstscax.dll is less than 5.2.3790.4524 OR Microsoft Windows XP (x86) SP2 is installed OR Microsoft Windows XP (x86) SP3 is installed AND the version of Mstscax.dll is less than 6.0.6001.18266 AND the version of Mstscax.dll is greater than or equal 6.0.6001.18000 OR Microsoft Windows XP (x86) SP2 is installed OR Microsoft Windows XP (x86) SP3 is installed AND the version of Mstscax.dll is less than 6.0.6001.22443 AND the version of Mstscax.dll is greater than or equal 6.0.6001.22000 OR Microsoft Windows Vista (32-bit) is installed AND the version of Mstscax.dll is less than 6.0.6000.16865 AND the version of Mstscax.dll is greater than or equal 6.0.6000.16000 OR Microsoft Windows Vista (32-bit) is installed AND the version of Mstscax.dll is less than 6.0.6000.21061 AND the version of Mstscax.dll is greater than or equal 6.0.6000.20000 OR Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND the version of Mstscax.dll is less than 6.0.6001.18266 AND the version of Mstscax.dll is greater than or equal 6.0.6001.18000 OR Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND the version of Mstscax.dll is less than 6.0.6001.22443 AND the version of Mstscax.dll is greater than or equal 6.0.6001.22000 OR Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Mstscax.dll is less than 6.0.6002.18045 AND the version of Mstscax.dll is greater than or equal 6.0.6002.18000 OR Microsoft Windows Vista (32-bit) Service Pack 2 is installed OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Mstscax.dll is less than 6.0.6002.22146 AND the version of Mstscax.dll is greater than or equal 6.0.6002.22000
BACK