PT-2009-4387 · Microsoft · Terminal Services Client ActiveX Control

Published: 2009-08-12 · Updated: 2023-12-07 · CVE-2009-1929

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Terminal Services Client ActiveX control versions 5.2 and 6.1
Description: A heap-based buffer overflow issue exists in the Microsoft Terminal Services Client ActiveX control. This allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods. The issue affects Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2 with RDP 6.1, and Windows XP SP3 with versions 5.2 or 6.1.
Recommendations: For versions 5.2 and 6.1, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the ActiveX control until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-1929

Affected Products

Terminal Services Client ActiveX Control
RDP
Windows Server 2008
Windows Vista
Windows XP