CVE-2011-0029

CVE Database · CVE-2011-0029

CVE-2011-0029

· HIGHModified

CVSS v3.1

7.4

EPSS

7.16%

Published

Mar 9, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products (23)

microsoft · remote_desktop_connection_clientvulnerable

microsoft · windows_xp

microsoft · remote_desktop_connection_clientvulnerable

microsoft · windows_2003_servervulnerable

microsoft · windows_server_2003vulnerable

microsoft · windows_xpvulnerable

microsoft · remote_desktop_connection_clientvulnerable

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable