| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. |
| Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. |
| Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows. This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0. |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| Remote Desktop Protocol Client Information Disclosure Vulnerability |
| Remote Desktop Protocol Client Information Disclosure Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |