APP: Microsoft Remote Desktop Client Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Remote Desktop Client. A successful attack can lead to a heap overflow and arbitrary remote code execution within the context of the user.

Extended Description

Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."

Affected Products

Microsoft windows_vista

References

BugTraq: 35971

CVE: CVE-2009-1133

Short Name
APP:REMOTE:RDP-HEAP-BO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2009-1133 Client Desktop Heap Microsoft Overflow Remote bid:35971
Release Date
06/15/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3659
Port
TCP/3389
False Positive
Unknown
Vendors

Microsoft

CVSS Score

9.3
