Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow vulnerability.Īttackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser. This signature detects attempts to use unsafe ActiveX controls in Microsoft Remote Desktop. HTTP: Microsoft Remote Desktop ActiveX Unsafe Method = "notepad.Microsoft Remote Desktop ActiveX Unsafe Method if MsRdpClient.SecuredSettingsEnabled then Run this script before calling the IMsTscAx::Connect method. The following script launches Microsoft Notepad.exe upon connection. This property specifies how and when to apply Windows key combinations for example, ALT+TAB. This property specifies whether to redirect sounds, or play sounds at the Remote Desktop Session Host (RD Session Host) server. The properties that the IMsRdpClientSecuredSettings interface accesses are the following: Although the use of the FullScreen property is restricted to the Internet Explorer URL security zones listed earlier, a user can always change to full-screen mode after connection by pressing the full-screen mode shortcut key combination (CTRL+ALT+BREAK). If the value of this property is TRUE, the connection will be opened in full-screen mode.
This property specifies whether the state of the control upon connection will be in full-screen or window mode. This property specifies the working directory of the program specified in StartProgram. This property specifies the program that will be started upon connection. The restricted properties that the IMsTscSecuredSettings interface accesses are the following: If you call these restricted properties within your Remote Desktop Services web application, you should call IMsTscAx::get_SecuredSettings and IMsTscAx::get_SecuredSettingsEnabled to access the Secured Settings properties. These restricted properties are accessed using the IMsTscSecuredSettings interface and the IMsRdpClientSecuredSettings interface, and are available in the following Internet Explorer URL security zones:
This means that, when a user browsing the web accesses the page and the page is in a higher URL security zone than the computer they are browsing the web with, these properties are disabled.
To allow clients to protect themselves from potentially untrustworthy servers, some properties of the Remote Desktop ActiveX control object are restricted to specific Internet Explorer URL security zones.
0 kommentar(er)
