CVE-2011-0029

Published: Mar 9, 2011Modified: Apr 29, 2026

7.4

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.4 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

Affected (19)

Products: Microsoft: Remote Desktop Connection Client, Windows 2003 Server, Windows Server 2003, Windows Xp, Windows 7, Windows Server 2008, Windows Vista

Microsoft

7 products

Remote Desktop Connection Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Remote Desktop Connection Client	Version 5.2

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Remote Desktop Connection Client	Version 6.0
Microsoft Windows 2003 Server	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Xp	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Remote Desktop Connection Client	Version 7.0
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2008	Version r2

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Microsoft Remote Desktop Connection Client	Version 6.1
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions