Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability.
Successful exploits will allow the attacker to execute arbitrary code on the affected system. This may facilitate a complete system compromise. Failed attacks may cause denial-of-service conditions.
Information
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Embedded SP3
Microsoft Windows XP Embedded SP2
Microsoft Windows XP Embedded SP1
Microsoft Windows XP 0
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 0
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- shadowbroker windows exploits Esteemaudit-2.1.0.0.xml (misterch0c)
- Microsoft Homepage (Microsoft)
- Microsoft Windows Homepage (Microsoft )
- Remote desktop protocol remote code execution vulnerability (Microsoft)
- Microsoft Security Advisory 4025685 (Microsoft)