NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-1133

Summary	Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
Summary	Desbordamiento de búfer basado en memoria dinámica en la conexión remota de escritorio de Microsoft (anteriormente Terminal Services Client) cuando corre RDP desde v5.0 hasta v6.1 en Windows, y Cliente de escritorio remoto para Mac 2.0, permite a atacantes remotos ejecutar código arbitrario a través de parámetros sin especificar, también conocido como "Vulnerabilidad de memoria dinámica en la conexión de escritorio remoto"
Publication Date	Aug. 13, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
cpe:2.3:o:microsoft:windows_server:2003:sp2::::::
cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
cpe:2.3:o:microsoft:windows_vista::::::::
cpe:2.3:o:microsoft:windows_vista:::x64:::::*
cpe:2.3:o:microsoft:windows_vista::sp1::::::*
cpe:2.3:o:microsoft:windows_vista::sp2::::::*
cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp::sp2:pro_x64:::::
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/36229	secure@microsoft.com
2	http://www.securitytracker.com/id?1022709	secure@microsoft.com
3	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	secure@microsoft.com
4	http://www.vupen.com/english/advisories/2009/2238	secure@microsoft.com
5	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044	secure@microsoft.com
6	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693	secure@microsoft.com
7	http://secunia.com/advisories/36229	af854a3a-2127-422b-91ae-364da2661108
8	http://www.securitytracker.com/id?1022709	af854a3a-2127-422b-91ae-364da2661108
9	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	af854a3a-2127-422b-91ae-364da2661108
10	http://www.vupen.com/english/advisories/2009/2238	af854a3a-2127-422b-91ae-364da2661108
11	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044	af854a3a-2127-422b-91ae-364da2661108
12	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5693	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html