CVE-2012-0002

Name of the Vulnerable Software and Affected Versions Windows Embedded Standard 2009 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2, R2, and R2 SP1 Microsoft Windows 7 Gold and SP1

Description A remote code execution issue exists in the way the Remote Desktop Protocol accesses an object in memory that has been improperly initialized or has been deleted. This allows remote attackers to execute arbitrary code by sending crafted RDP packets, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. The vulnerability is related to the rdpwd.sys driver in Windows Embedded Standard 2009, which incorrectly handles dynamic memory allocation.

Recommendations For Windows Embedded Standard 2009, consider disabling the rdpwd.sys driver as a temporary workaround until a patch is available. For Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability in some of the affected products, so users should be cautious when using Remote Desktop Protocol.