Skip to main content

Remote Desktop Client CVE-2019-0887

HIGH
Path Traversal (CWE-22)
2019-07-15 secure@microsoft.com
8.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 15, 2019 - 19:15 nvd
HIGH 8.0

DescriptionNVD

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

AnalysisAI

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. Affected products include: Microsoft Remote Desktop Client, Microsoft Windows 10, Microsoft Windows 11 21H2, Microsoft Windows 7, Microsoft Windows 8.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2026-42985 HIGH
8.8 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or

CVE-2025-48817 HIGH
8.8 Jul 08

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2024-38131 HIGH
8.8 Aug 13

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-29362 HIGH
8.8 Jun 14

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2022-22017 HIGH
8.8 May 10

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2021-34535 HIGH
8.8 Aug 12

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2021-1669 HIGH
8.8 Jan 12

Windows Remote Desktop Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49105 HIGH
8.4 Dec 12

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotel

CVE-2025-27487 HIGH
8.0 Apr 08

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated

CVE-2022-41121 HIGH
7.8 Dec 13

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2026-45639 HIGH
7.5 Jun 09

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to rea

CVE-2026-44801 HIGH
7.5 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RD

Share

CVE-2019-0887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy