CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

Published: Mar 10, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0029
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / remote_desktop_connection_client	5.2	5.2.x
microsoft / remote_desktop_connection_client	6.0	6.0.x
microsoft / windows_2003_server	-	-
microsoft / windows_server_2003	-	-
microsoft / windows_xp	--sp2	--sp2.x
microsoft / remote_desktop_connection_client	7.0	7.0.x
microsoft / windows_server_2008	r2	r2.x
microsoft / remote_desktop_connection_client	6.1	6.1.x
microsoft / windows_server_2008	-	-
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_vista	-	-
microsoft / windows_xp	-	-

Vulnerability Database

289,697

CVE-2011-0029