RCE in Microsoft Windows_xp

CVE-2012-2526

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.575 (98.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS12-053 (x_refsource_MS, vendor-advisory)
oval:org.mitre.oval:def:15650 (x_refsource_OVAL, signature, vdb-entry)
TA12-227A (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)