CVE-2019-0887

Опубликовано: 15 июл. 2019

Источник: nvd

CVSS3: 8

CVSS2: 8.5

EPSS Средний

Описание

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Ссылки

http://www.securityfocus.com/bid/108964
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887
Patch
Vendor Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Technical Description
Third Party Advisory
https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/108964
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887
Patch
Vendor Advisory
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Technical Description
Third Party Advisory
https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:remote_desktop:*:*:*:*:*:windows:*:*

Версия до 1.2.2691 (исключая)

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.376:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.54304

Средний

8 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-0887

CVSS3: 8

msrc

почти 6 лет назад

Remote Desktop Services Remote Code Execution Vulnerability

GHSA-v82h-xf3f-qj32

CVSS3: 8

github

около 3 лет назад

BDU:2019-02695

CVSS3: 8

fstec

почти 6 лет назад

Уязвимость службы удаленного рабочего стола Remote Desktop Services (RDS) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%

0.54304

Средний

8 High

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22