Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Published: 2015-08-15
Updated: 2018-10-12
Summary
Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability."
CWE-426: Untrusted Search Path (http://cwe.mitre.org/data/definitions/426.html)
Per the Microsoft advisory, "In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted RDP file that is designed to exploit the vulnerability. An attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message." This vulnerability has been assigned an Attack Vector of Remote.
Vulnerable Configurations
Msbulletin
bulletin_id | MS15-082 |
bulletin_url | |
date | 2015-08-11T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 3080348 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in RDP Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS15-082.NASL |
description | The remote Windows host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. A man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472) - A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 85332 |
published | 2015-08-11 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/85332 |
title | MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348) |