
CVE-2012-0002

Published: 13/03/2012 Updated: 28/09/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 1000
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote malicious users to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."

Vulnerable Product

microsoft windows 7

microsoft windows server 2003

microsoft windows server 2008

microsoft windows server 2008 -

microsoft windows server 2008 r2

microsoft windows vista

microsoft windows xp

microsoft windows xp -

Exploits

Luigi Auriemma
Application: Microsoft Terminal Services / Remote Desktop Services
www.microsoft.com
msdn.microsoft.com/en-us/library/aa383015(v=vs.85).aspx
Versions: any Windows version before 13 Mar ...

Nmap Scripts

rdp-vuln-ms12-020

Checks if a machine is vulnerable to MS12-020 RDP vulnerability.

nmap -sV --script=rdp-vuln-ms12-020 -p 3389 <target>

PORT     STATE SERVICE        VERSION
3389/tcp open  ms-wbt-server?
| rdp-vuln-ms12-020:
|   VULNERABLE:
|   MS12-020 Remote Desktop Protocol Denial Of Service Vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2012-0152
|     Risk factor: Medium  CVSSv2: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
|     Description:
|       Remote Desktop Protocol vulnerability that could allow remote attackers to cause a denial of service.
|
|     Disclosure date: 2012-03-13
|     References:
|       http://technet.microsoft.com/en-us/security/bulletin/ms12-020
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0152
|
|   MS12-020 Remote Desktop Protocol Remote Code Execution Vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2012-0002
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|     Description:
|       Remote Desktop Protocol vulnerability that could allow remote attackers to execute arbitrary code on the targeted system.
|
|     Disclosure date: 2012-03-13
|     References:
|       http://technet.microsoft.com/en-us/security/bulletin/ms12-020
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002

Metasploit Modules

MS12-020 Microsoft Remote Desktop Checker

This module checks a range of hosts for the MS12-020 vulnerability. This does not cause a DoS on the target.

msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > show actions
    ...actions...
msf auxiliary(ms12_020_check) > set ACTION <action-name>
msf auxiliary(ms12_020_check) > show options
    ...show and set options...
msf auxiliary(ms12_020_check) > run

MS12-020 Microsoft Remote Desktop Use-After-Free DoS

This module exploits the MS12-020 RDP vulnerability originally discovered and reported by Luigi Auriemma. The flaw lies in the way the maxChannelIDs field of the T.125 ConnectMCSPDU packet is handled, which results in an invalid pointer being used and therefore causes a denial-of-service condition.

msf > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > show actions
    ...actions...
msf auxiliary(ms12_020_maxchannelids) > set ACTION <action-name>
msf auxiliary(ms12_020_maxchannelids) > show options
    ...show and set options...
msf auxiliary(ms12_020_maxchannelids) > run

Github Repositories

Exploring-MS12-020 / CVE-2012-0002 "The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is designed to support different types of network topologies and multiple LAN protocols." RDP is used by "Terminal Services and Remote Desktop Ser

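pocsuite3 verification PoC code for vulnerability triage

some_pocsuite: pocsuite3 verification PoC code used inside an enterprise for vulnerability triage and verification (pocsuite3 is the open-source vulnerability testing framework from the Knownsec security team). Because the original Pocsuite is no longer updated, all of the original PoC code has been rewritten and migrated to pocsuite3; the original PoCs are backed up in PocsuiteV2. Writing plugin code: uses the pocsuite3 vulnerability testing framework; for writing plugins, refer to pocs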

Recent Articles

Update to this Month’s Patch Tuesday Post on MS12-020/CVE-2012-0002
Securelist • Kurt Baumgartner • 16 Mar 2012

The Twitter infosec sphere last night and the blogosphere this morning is in a bit of a frenzy about the public leak of a DoS PoC targeting CVE-2012-0002, the RDP pre-auth remote. This vulnerability was highlighted at our previous Securelist post on this month’s patch Tuesday “Patch Tuesday March 2012 – Remote Desktop Pre-Auth Ring0 Use-After-Free RCE!”. First off, patch now. Now. If you can’t, use the mitigation tool that Microsoft is offering – the tradeoff between requiring netwo...

Patch Tuesday March 2012 – Remote Desktop Pre-Auth Ring0 Use-After-Free RCE!
Securelist • Kurt Baumgartner • 13 Mar 2012

Patch Tuesday March 2012 fixes a set of vulnerabilities in Microsoft technologies. Interesting fixes rolled out will patch a particularly problematic pre-authentication ring0 use-after-free in Remote Desktop and a DoS flaw, a DoS flaw in Microsoft DNS Server, and several less critical local EoP vulnerabilities.
It seems to me that every time a small and medium sized organization runs a network, the employees or members expect remote access. In turn, this Remote Desktop service is frequentl...