Gravità: : Alto
  Identificatori CVE: CVE-2011-0029
  Data notifica: 18 maggio 2011

  Descrizione

This update resolves a vulnerability in Windows Remote Desktop Client, which could allow remote code execution. The exploit works if a user opens a legitimate Remote Desktop configuration (.rdp) file located in the same network folder as a specially crafted library file. However, for an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application. More specifically, this update addresses the vulnerability by correcting the manner in which the Windows Remote Desktop Client loads external libraries.

  Informazioni esposizione:


For information on patches specific to the affected software, please proceed to the Microsoft Web page.

  Soluzioni

  Trend Micro Deep Security DPI Rule Number: 1004373
  Trend Micro Deep Security DPI Rule Name: Identified Microsoft DLL File Over Network Share

  Software e versione interessati:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems