Home / Early Warning / Vulnerabilidades / CVE-2019-0708

CVE-2019-0708

Type: 
Input Validation
Severity: 
Critical
Publication date: 
05/16/2019
Last modified: 
07/15/2019
Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • Microsoft Windows Xp - Sp3 ~~~~x86~
  • Microsoft Windows Xp - Sp2 ~~professional~~x64~
  • Microsoft Windows Vista - Sp2
  • Microsoft Windows Server 2008 R2 Sp1 ~~~~x64~
  • Microsoft Windows Server 2008 R2 Sp1 ~~~~itanium~
  • Microsoft Windows Server 2008 - Sp2
  • Microsoft Windows Server 2003 R2 Sp2
  • Microsoft Windows Server 2003 - Sp2 ~~~~x86~
  • Microsoft Windows Server 2003 - Sp2 ~~~~x64~
  • Microsoft Windows 7 - Sp1
Explanation of fields