![]() ![]() The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability. Some extensions also mimic more well-known and trusted ones (AdBlock, etc.) Alert MessageīROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt Rule Explanation This can be similar to a Potentially Unwanted Application, as valuable data and network access is often allowed on a phone or browser without proper investigation. ![]() Attackers have refined techniques to smuggle extensions into the Chrome Web Store, which they can then modify remotely once downloaded to add or activate malicious or spyware features. consisting of an ActiveX control and a sample connection page. BROWSER-PLUGINS - Snort has detected suspicious browser plugin traffic, likely targeting the ActiveX plugin in Internet Explorer, though this could apply to any browser. I tried already to put Microsoft Remote Desktop into the Exception list via Diagnostiv.
0 Comments
Leave a Reply. |