CVE-2011-0029
Description
A Trojan horse DLL in the same folder as a .rdp file allows local privilege escalation or remote code execution via Microsoft Remote Desktop Connection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2011-0029 is an untrusted search path vulnerability in Microsoft Remote Desktop Connection (RDC) versions 5.2, 6.0, 6.1, and 7.0. When a user opens a legitimate Remote Desktop configuration (.rdp) file, the client loads external libraries by searching the current working directory. If a specially crafted DLL is placed in that directory, it can be loaded instead of a legitimate system library. An attacker must first convince the user to open a .rdp file from an untrusted remote file system location or WebDAV share [1].
Exploitation
To exploit the vulnerability, an attacker hosts a malicious DLL in a network folder or WebDAV share that also contains a legitimate .rdp file. The victim must browse to that location and open the .rdp file. The Remote Desktop client then loads the attacker-supplied DLL from the current working directory rather than from a secure system path. The attack does not require authentication or prior access to the victim system; user interaction is the sole trigger [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the logged-on user. While the vulnerability is initiated locally, the attack can be launched remotely by hosting the malicious files on a network share. The code execution can lead to full compromise of the user's session, including access to files, credentials, and system resources. The CVSS v3 score of 7.4 reflects the high impact on confidentiality, integrity, and availability [1][2].
Mitigation
Microsoft released security bulletin MS11-017 in March 2011, which updates the Remote Desktop Connection client to properly validate library search paths. The update is classified as Important and applies to all affected versions. Users with automatic updating enabled receive the patch automatically; others should manually install it via Microsoft Update. There are no effective workarounds other than applying the update, but users are advised to avoid opening .rdp files from untrusted network locations until patched [1][2].
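An added example, not part of the original advisory or of Microsoft's update: a Python audit helper that takes a file listing and reports folders where a .rdp file sits beside a DLL, listing folders reached over a UNC path (SMB share or WebDAV redirector) first. The function name, host names and file names are constructed for illustration; a mapped drive letter cannot be recognised as remote from the path alone.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

def find_rdp_dll_colocation(file_paths):
    """Return one finding per folder holding both a .rdp file and a DLL.

    Each finding is (folder, rdp_names, dll_names, is_unc). Folders reached
    through a UNC path sort first because the scenario described above is a
    .rdp file opened from a remote file system location or WebDAV share.
    """
    by_folder = defaultdict(lambda: {"rdp": [], "dll": []})
    for raw in file_paths:
        p = PureWindowsPath(raw)       # parses Windows paths on any OS
        ext = p.suffix.lower()         # Windows extensions are case-insensitive
        if ext in (".rdp", ".dll"):
            # PureWindowsPath keys compare case-insensitively, like NTFS/SMB.
            by_folder[p.parent][ext[1:]].append(p.name)

    findings = []
    for folder, names in by_folder.items():
        if names["rdp"] and names["dll"]:
            is_unc = folder.drive.startswith("\\\\")
            findings.append(
                (str(folder), sorted(names["rdp"]), sorted(names["dll"]), is_unc)
            )
    # Remote folders first, then alphabetical for stable output.
    return sorted(findings, key=lambda f: (not f[3], f[0].lower()))

# Constructed sample listing (hypothetical hosts and file names).
SAMPLE = [
    r"\\fileserver.example.test\ops\jump\prod-bastion.rdp",
    r"\\fileserver.example.test\ops\jump\HELPER.DLL",
    r"\\files.example.test@SSL\DavWWWRoot\shared\vpn.rdp",
    r"C:\Users\alice\Desktop\lab.rdp",
    r"C:\Users\alice\Desktop\plugin.dll",
    r"C:\Users\alice\Documents\home.rdp",
]

if __name__ == "__main__":
    for folder, rdps, dlls, is_unc in find_rdp_dll_colocation(SAMPLE):
        where = "remote (UNC)" if is_unc else "local or mapped drive"
        print(f"{folder} [{where}]: rdp={rdps} dll={dlls}")
```

A hit is a prompt to review the folder, not proof of tampering: legitimate software can ship DLLs next to other files.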
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:remote_desktop_connection_client:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:remote_desktop_connection_client:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:remote_desktop_connection_client:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:remote_desktop_connection_client:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- Range: 5.2, 6.0, 6.1, 7.0
Patches
No patches discovered yet.
References
- www.us-cert.gov/cas/techalerts/TA11-067A.html (nvd, US Government Resource)
- osvdb.org/71014 (nvd)
- secunia.com/advisories/43628 (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2011/0616 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-017 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12480 (nvd)