CVE-2013-1296

CVE Database · CVE-2013-1296

CVE-2013-1296

· N/AModified

CVSS v3.1

N/A

EPSS

20.66%

Published

Apr 9, 2013

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."

Weaknesses (CWE)

CWE-94

Affected Products (2)

microsoft · remote_desktop_connectionvulnerable

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-100A

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-029

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16598

http://www.us-cert.gov/ncas/alerts/TA13-100A

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-029

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16598

KEV Catalog EPSS Scores Vendors All CVEs