Summary
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP do not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing. In addition, Remote Data Protocol (RDP) version 5.1 in Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled, via a PDU Confirm Active data packet that does not set the Pattern BLT command.
Impact of vulnerability: Two vulnerabilities: information disclosure, denial of service.
Maximum Severity Rating: Moderate.
Recommendation: Administrators of Windows 2000 terminal servers and Windows XP users who have enabled Remote Desktop should apply the patch.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
Solution
http://www.microsoft.com/technet/security/bulletin/ms02-051.mspx
Severity
Classification
CVE: CVE-2002-0863, CVE-2002-0864
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
- Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
- Microsoft .NET Framework Security Bypass Vulnerability (2984625)
- Microsoft Windows Active Directory Denial of Service Vulnerability (2853587)
- Microsoft Client/Server Run-time Subsystem Privilege Elevation Vulnerability (978037)