Home / Early Warning / Vulnerabilidades / CVE-2019-0708

CVE-2019-0708

Type: 
Input Validation
Severity: 
High
Publication date: 
05/16/2019
Last modified: 
07/15/2019
Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
  • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields