CVE-2019-0708
Severity:
CRITICAL
Type:
CWE-416
Use After Free
Publication date:
16/05/2019
Last modified:
03/06/2021
Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
High
Vulnerable products and versions
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 (Source:MISC)
- https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf (Source:CONFIRM)
- https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf (Source:CONFIRM)
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf (Source:CONFIRM)
- https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf (Source:CONFIRM)
- https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf (Source:CONFIRM)
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf (Source:CONFIRM)
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en (Source:CONFIRM)
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en (Source:CONFIRM)
- http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html (Source:MISC)
- http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html (Source:MISC)
- http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html (Source:MISC)
- http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html (Source:MISC)
- http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html (Source:MISC)