CVE-2013-1296

Name of the Vulnerable Software and Affected Versions Microsoft Remote Desktop Connection Client versions 6.1 through 7.0

Description The issue arises from the Remote Desktop ActiveX control in mstscax.dll, which fails to properly handle objects in memory. This allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object. Additionally, it enables remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object.

Recommendations For Microsoft Remote Desktop Connection Client versions 6.1 through 7.0, consider disabling the Remote Desktop ActiveX control as a temporary workaround until a patch is available. Restrict access to web pages that could potentially trigger the vulnerability to minimize the risk of exploitation.