Vulnerability

(MS13-029) Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

Publish date: May 14, 2013

CVE-2013-1296

SEVERITY

CRITICAL

//  ADVISORY DATE

14 MAY 2013


DESCRIPTION

This security update resolves a reported vulnerability in Windows Remote Desktop Client. The vulnerability, if left unpatched, may allow remote code execution once a user views a specially crafted webpage. An attacker who successfully exploits the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The vulnerability affects Windows Remote Desktop Connection Client versions 6.1 and 7.0.

SOLUTION

AFFECTED SOFTWARE AND VERSION

  • Remote Desktop Connection 6.1 Client
  • Remote Desktop Connection 7.0 Client
  • Remote Desktop Connection 7.1 Client

Featured Stories

Connect with us on