| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. |
| Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally. |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. |
| Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. |
| Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. |
| Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information. |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |