| Vulnerability Name: | CVE-2012-2526 (CCN-77347) | ||||||||
| Assigned: | 2012-08-14 | ||||||||
| Published: | 2012-08-14 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability." | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-2526 Source: CCN Type: SA50244 Microsoft Windows Remote Desktop Protocol Object Handling Vulnerability Source: CCN Type: Microsoft Security Bulletin MS12-053 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) Source: CCN Type: BID-54935 Microsoft Remote Desktop Protocol CVE-2012-2526 Remote Code Execution Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA12-227A Source: MS Type: UNKNOWN MS12-053 Source: XF Type: UNKNOWN ms-win-rdp-code-execution(77347) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:15650 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||