Monday, January 18, 2010

It’s not a security bug but… (RDP - mstsc.exe / mstscax.dll crash)

This memory exception condition (under investigation) within “mstscax.dll” was detected on one of my systems (XP SP3, updated with all MS bulletins. One note: MS09-044 was related to RDP Client Version 5.0.):


A closer view makes it possible to locate the method exposed by the ActiveX MSTSCAX.dll where the issue is triggered (CClientHandler::GetAndParseXml(void)):


The ActiveX dll has the following properties:


And the following version:


The function above is called by only two functions, as shown:


At this time I don’t think that it’s a security issue that may be triggered remotely, but searching Google I have found a good number of links that report the same problems in older and more recent releases of MSTSC (RDP Client):

This search query, IMHO, may be used to find other possible issues, since some links provided by Google are related to developer forums, or at least this kind of query may give a good starting point for investigating (potentially buggy) code. Good evidence is given, for example, by the following query:


Note: mshtml.dll is related to CVE-2010-0249.

