{"containers": {"cna": {"affected": [{"product": "Multiple", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Multiple"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-08T16:16:08", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "108964", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108964"}, {"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887"}, {"tags": ["x_refsource_MISC"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"tags": ["x_refsource_MISC"], "url": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0887", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Multiple", "version": {"version_data": [{"version_value": "Multiple"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "108964", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108964"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887"}, {"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", "refsource": "MISC", "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"name": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/", "refsource": "MISC", "url": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:58:59.592Z"}, "title": "CVE Program Container", "references": [{"name": "108964", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108964"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0887", "datePublished": "2019-07-15T18:56:19", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:58:59.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:remote_desktop_client:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B3841E12-6BBD-4608-AFFF-1B54927E757F", "versionEndExcluding": "1.2.2691", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.376:*:*:*:*:*:*:*", "matchCriteriaId": "1436CDC9-CDF1-45B2-8381-B32B3098C4B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Servicios de Escritorio Remoto, anteriormente conocida como Servicios de Terminal, cuando un atacante autenticado viola la redirecci\u00f3n del portapapeles, tambi\u00e9n se conoce como \"Remote Desktop Services Remote Code Execution Vulnerability\"."}], "id": "CVE-2019-0887", "lastModified": "2025-07-07T18:15:34.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-15T19:15:15.797", "references": [{"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108964"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887"}, {"source": "secure@microsoft.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"source": "secure@microsoft.com", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://research.checkpoint.com/reverse-rdp-the-hyper-v-connection/"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}