Signature Detail

Short Name	APP:REMOTE:RDP-HEAP-OF
Severity	High
Recommended	No
Recommended Action	Drop
Category	APP
Keywords	Microsoft Remote Desktop Client Heap Overflow
Release Date	2009/08/11
Update Number	1479
Supported Platforms	idp-4.1+, isg-3.5+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Microsoft Remote Desktop Client Heap Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Remote Desktop Client. A successful attack can lead to a heap overflow and arbitrary remote code execution within the context of the user.

Extended Description

Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

Affected Products

Microsoft RDP 5.1
Microsoft RDP 5.2
Microsoft RDP 6.0
Microsoft RDP 6.1
Microsoft Remote Desktop Connection Client for Mac 2
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 Standard Edition SP2
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Vista Business
Microsoft Windows Vista Business SP1
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Business 64-bit edition
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Tablet PC Edition SP2

References

BugTraq: 35971
CVE: CVE-2009-1133

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Microsoft Remote Desktop Client Heap Overflow

Extended Description

Affected Products

References