← Back

CVE-2019-0887

nvd nist
Published: Jul 15, 2019Modified: Jul 7, 2025

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Affected (21)

Microsoft
10 products
Remote Desktop Client
Windows 10
Windows 11 21h2
Windows 7
Windows 8.1
Windows Rt 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016
Windows Server 2019
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Remote Desktop Client
Before 1.2.2691
Microsoft
Windows 10
All versions
Windows 10
Version 1607
Windows 10
Version 1703
Windows 10
Version 1709
Windows 10
Version 1803
Windows 10
Version 1809
Windows 10
Version 1903
Windows 11 21h2
Version 10.0.22000.376
Windows 7
All versions
Windows 8.1
All versions
Windows Rt 8.1
All versions
Microsoft
Windows Server 2008
All versions
Windows Server 2008
Version r2 sp1
Windows Server 2008
Version r2 sp1
Microsoft
Windows Server 2012
All versions
Windows Server 2012
Version r2
Microsoft
Windows Server 2016
All versions
Windows Server 2016
Version 1803
Windows Server 2016
Version 1903
Windows Server 2019
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (8)

Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Technical DescriptionThird Party Advisory
Source: secure@microsoft.com
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory

Timeline

No history available yet.