The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote malicious users to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
microsoft remote desktop connection 7.0 |
||
microsoft remote desktop connection 6.1 |
Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other Bulletins rated “Important”. It appears that the two critical Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer. For the Windows workstation environments, all versions of Internet Explorer need to be patched asap, including v10 preview running on Windows RT. The patch for Internet Explorer 10 on Windo...
Vulmon