NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-1929

Summary	Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."
Summary	Desbordamiento de búfer basado en pila en el control Microsoft Terminal Services Client ActiveX cuando se corre RDP v6.1 en Windows XP SP2, Vista SP1 o SP2, o Server 2008 Gold o SP2; o v5.2 o v6.1 en Windows XP SP3; permite a atacantes remotos ejecutar código de forma arbitraria a través de parámetros sin especificar mediante métodos desconocidos, también conocido como "Vulnerabilidad de desbordamiento de búfer en el control ActiveX en la conexión a escritorio remoto".
Publication Date	Aug. 13, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:19 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp2::itanium:::::
cpe:2.3:o:microsoft:windows_2003_server:sp2::x64:::::
cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
cpe:2.3:o:microsoft:windows_vista::sp1::::::*
cpe:2.3:o:microsoft:windows_vista::sp2::::::*
cpe:2.3:o:microsoft:windows_vista:-:-:x64:::::*
cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/56912	secure@microsoft.com
2	http://secunia.com/advisories/36229	secure@microsoft.com
3	http://www.securityfocus.com/bid/35973	secure@microsoft.com
4	http://www.securitytracker.com/id?1022709	secure@microsoft.com
5	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	secure@microsoft.com
6	http://www.vupen.com/english/advisories/2009/2238	secure@microsoft.com
7	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044	secure@microsoft.com
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329	secure@microsoft.com
9	http://osvdb.org/56912	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/36229	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/bid/35973	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securitytracker.com/id?1022709	af854a3a-2127-422b-91ae-364da2661108
13	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	af854a3a-2127-422b-91ae-364da2661108
14	http://www.vupen.com/english/advisories/2009/2238	af854a3a-2127-422b-91ae-364da2661108
15	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-044	af854a3a-2127-422b-91ae-364da2661108
16	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6329	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html