Untrusted Search Path Vulnerability in Microsoft Remote Desktop Connection
CVE-2011-0029

Currently unrated

Key Information:

Vendor: Microsoft
Status: Remote Desktop Connection Client
Vendor: CVE Published:; 9 March 2011

Summary

The vulnerability affects various versions of Microsoft Remote Desktop Connection, allowing local users to exploit an untrusted search path. By placing a malicious DLL in the working directory, specifically alongside a .rdp file, an unauthorized user can execute the DLL with elevated privileges. This risk illustrates the importance of secure coding practices and validating executable paths to mitigate the threat posed by Trojan horses.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://osvdb.org/71014

vdb-entryx_refsource_OSVDB

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 9, 2011
Vulnerability Reserved
Dec 10, 2010