Oval Definition:oval:org.mitre.oval:def:6329
Revision Date:2009-12-28Version:43
Title:Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability
Description:Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1929
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • AND
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • AND the version of Mstscax.dll is less than 6.0.6001.18266
  • AND the version of Mstscax.dll is greater than or equal 6.0.6001.18000
  • OR
  • Microsoft Windows XP (x86) SP2 is installed
  • OR Microsoft Windows XP (x86) SP3 is installed
  • AND the version of Mstscax.dll is less than 6.0.6001.22443
  • AND the version of Mstscax.dll is greater than or equal 6.0.6001.22000
  • OR
  • Microsoft Windows Vista (32-bit) is installed
  • AND the version of Mstscax.dll is less than 6.0.6000.16865
  • AND the version of Mstscax.dll is greater than or equal 6.0.6000.16000
  • OR
  • Microsoft Windows Vista (32-bit) is installed
  • AND the version of Mstscax.dll is less than 6.0.6000.21061
  • AND the version of Mstscax.dll is greater than or equal 6.0.6000.20000
  • OR
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Mstscax.dll is less than 6.0.6001.18266
  • AND the version of Mstscax.dll is greater than or equal 6.0.6001.18000
  • OR
  • Microsoft Windows Vista (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Mstscax.dll is less than 6.0.6001.22443
  • AND the version of Mstscax.dll is greater than or equal 6.0.6001.22000
  • OR
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND the version of Mstscax.dll is less than 6.0.6002.18045
  • AND the version of Mstscax.dll is greater than or equal 6.0.6002.18000
  • OR
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND the version of Mstscax.dll is less than 6.0.6002.22146
  • AND the version of Mstscax.dll is greater than or equal 6.0.6002.22000
    • BACK