Summary
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not
encrypt the checksums of plaintext session data,
which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, and
Remote Data Protocol (RDP) version 5.1 in Windows
XP allows remote attackers to cause a denial of
service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command.
Impact of vulnerability: Two vulnerabilities:
information disclosure, denial of service.
Maximum Severity Rating: Moderate.
Recommendation: Administrators of Windows
2000 terminal servers and Windows XP users
who have enabled Remote Desktop should apply
the patch.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
Solution
http://www.microsoft.com/technet/security/bulletin/ms02-051.mspx
Severity
Classification
-
CVE CVE-2002-0863, CVE-2002-0864 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)
- Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
- Microsoft SQL Server Report Manager Cross Site Scripting Vulnerability (2754849)
- Exchange 2000 Exhaust CPU Resources (Q320436)