A connection manager in the Windows Remote Access feature on Windows 7 and Windows 2008 R2 allows remote attackers to eleviate privileges due to the lack of adequate validation of user credentials. A remote attacker can exploit this vulnerability to execute arbitrary code as a standard user.
In addition, this connection manager could be exploited to corrupt memory and execute arbitrary code as an administrator.
An attacker can exploit this vulnerability by sending a maliciously crafted packet to a targeted client.
An attacker can exploit this vulnerability by sending a maliciously crafted packet to a targeted client.
Microsoft received information about this vulnerability from the community. As a result, they released a security update.
Microsoft received information about this vulnerability from the community. As a result, they released a security update.
Microsoft received information about this vulnerability from the community. As a result, they released a security update.
Microsoft received information about this vulnerability from the community. As a result, they released a security update.
Due to the critical severity of the vulnerability, Microsoft assigned it the CVE ID of CVE-2001-2216.
An attacker can exploit this vulnerability by sending a maliciously crafted packet to a targeted client.
An attacker can exploit this vulnerability by sending a maliciously crafted packet to a targeted client.
Microsoft Edge and Internet Explorer
Microsoft Edge is a web browsing application that Microsoft has developed for Windows 10. It was released on October 26, 2015.
Microsoft Edge is a web browsing application that Microsoft has developed for Windows 10. It was released on October 26, 2015.
Microsoft Edge is a web browsing application that Microsoft has developed for Windows 10. It was released on October 26, 2015.
Daesh - An Example of Connectivity Vulnerability
A connection manager in the Windows Remote Access feature on Windows 7 and Windows 2008 R2 allows remote attackers to eleviate privileges due to the lack of adequate validation of user credentials. A remote attacker can exploit this vulnerability to execute arbitrary code as a standard user.
In addition, this connection manager could be exploited to corrupt memory and execute arbitrary code as an administrator.
An attacker can exploit this vulnerability by sending a maliciously crafted packet to a targeted client.
Microsoft released security updates for this vulnerability
Microsoft released security updates for this vulnerability. As a result, they released a security update.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC