目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2019-0708— Microsoft Remote Desktop Services 资源管理错误漏洞

KEV · ランサムウェア EPSS 94.45% · P100
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-0708の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Microsoft Remote Desktop Services 资源管理错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Microsoft Windows和Microsoft Windows Server都是美国微软(Microsoft)公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Remote Desktop Services是其中的一个远程桌面服务组件。 Microsoft Remote Desktop Services中存在资源管理错误漏洞。该漏洞源于网络系统或产品对系统资源(如内存、磁盘空间、文件等)的管理不当。以下
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

Shenlong 10 Questions — AI 深度分析

十问解析:根本原因、利用方式、修复建议、紧迫性。摘要免费,完整版需登录。

查看摘要 完整分析(登录)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
MicrosoftWindows 7 for 32-bit Systems Service Pack 1 -
MicrosoftWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Core installation) -

II. CVE-2019-0708の公開POC

#POC説明ソースリンクShenlongリンク
1proof of concept exploit for Microsoft Windows 7 and Server 2008 RDP vulnerabilityhttps://github.com/hook-s3c/CVE-2019-0708-pocPOC詳細
2A Win7 RDP exploithttps://github.com/SherlockSec/CVE-2019-0708POC詳細
3CVE-2019-0708https://github.com/yetiddbb/CVE-2019-0708-PoCPOC詳細
4CVE-2019-0708-exploithttps://github.com/p0p0p0/CVE-2019-0708-exploitPOC詳細
5Using CVE-2019-0708 to Locally Promote Privileges in Windows 10 Systemhttps://github.com/rockmelodies/CVE-2019-0708-ExploitPOC詳細
6CVE-2019-0708 exphttps://github.com/anquanscan/CVE-2019-0708POC詳細
7Dark Net Sunset New Release CVE-2019-0708https://github.com/xiyangzuishuai/Dark-Network-CVE-2019-0708POC詳細
8CVE-2019-0708https://github.com/temp-user-2014/CVE-2019-0708POC詳細
9Proof of concept exploit for CVE-2019-0708https://github.com/areusecure/CVE-2019-0708POC詳細
10Testing my new bot outhttps://github.com/pry0cc/cve-2019-0708-2POC詳細
11POCexp:https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA 提取码:e2k8 https://github.com/sbkcbig/CVE-2019-0708-EXPloitPOC詳細
12EXPloit-poc: https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA 提取码:e2k8https://github.com/sbkcbig/CVE-2019-0708-EXPloit-3389POC詳細
13CVE-2019-0708https://github.com/YSheldon/MS_T120POC詳細
143389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)https://github.com/k8gege/CVE-2019-0708POC詳細
15exploit CVE-2019-0708 RDShttps://github.com/hotdog777714/RDS_CVE-2019-0708POC詳細
16RDP POChttps://github.com/jiansiting/CVE-2019-0708POC詳細
17PoC exploit for BlueKeep (CVE-2019-0708)https://github.com/NullByteSuiteDevs/CVE-2019-0708POC詳細
18sup pry0cc :3https://github.com/thugcrowd/CVE-2019-0708POC詳細
19CVE-2019-0708https://github.com/blacksunwen/CVE-2019-0708POC詳細
20Nonehttps://github.com/infenet/CVE-2019-0708POC詳細
21Totally legitimatehttps://github.com/n0auth/CVE-2019-0708POC詳細
22Nonehttps://github.com/gildaaa/CVE-2019-0708POC詳細
23CVE-2019-0708 EXPloit-poc 漏洞描述 微软官方紧急发布安全补丁,修复了一个Windows远程桌面服务的远程代码执行漏洞CVE-2019-0708,该漏洞影响了某些旧版本的Windows系统。此漏洞是预身份验证,无需用户交互。当未经身份验证的攻击者使用RDP(常见端口3389)连接到目标系统并发送特制请求时,可以在目标系统上执行任意命令。甚至传播恶意蠕虫,感染内网其他机器。类似于2017年爆发的WannaCry等恶意勒索软件病毒。 漏洞评级 CVE-2019-0708 严重 安全建议 1、针对Windows 7及Windows Server 2008的用户,及时安装官方安全补丁:https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499175 2、针对Windows 2003及Windows XP的用户,及时更新系统版本或安装官方补丁:https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708 CVE-2019-0708 EXPloit-poc 影响版本 Windows7 XP Windows 2003 Windows Server 2008 Windows Server 2008 R2 EXPloit-poc: https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA 提取码:e2k8https://github.com/sbkcbig/CVE-2019-0708-Poc-exploitPOC詳細
24Nonehttps://github.com/HackerJ0e/CVE-2019-0708POC詳細
25PoC about CVE-2019-0708 (RDP; Windows 7, Windows Server 2003, Windows Server 2008) https://github.com/syriusbughunt/CVE-2019-0708POC詳細
26A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.https://github.com/Barry-McCockiner/CVE-2019-0708POC詳細
27A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.https://github.com/ShadowBrokers-ExploitLeak/CVE-2019-0708POC詳細
28CVE-2019-0708 demohttps://github.com/safly/CVE-2019-0708POC詳細
29Nonehttps://github.com/Jaky5155/cve-2019-0708-expPOC詳細
30Powershell script to run and determine if a specific device has been patched for CVE-2019-0708. This checks to see if the termdd.sys file has been updated appropriate and is at a version level at or greater than the versions released in the 5/14/19 patches.https://github.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-StatusPOC詳細
31POC for CVE-2019-0708https://github.com/303sec/CVE-2019-0708POC詳細
32PoC for CVE-2019-0708https://github.com/f8al/CVE-2019-0708-POCPOC詳細
33CVE-2019-0708漏洞MSF批量巡检插件https://github.com/blockchainguard/CVE-2019-0708POC詳細
34LOLhttps://github.com/yushiro/CVE-2019-0708POC詳細
35It's only hitting vulnerable path in termdd.sys!!! NOT DOShttps://github.com/skyshell20082008/CVE-2019-0708-PoC-Hitting-PathPOC詳細
36Announces fraudhttps://github.com/ttsite/CVE-2019-0708-POC詳細
37Report fraudhttps://github.com/ttsite/CVE-2019-0708POC詳細
38CVE-2019-0708 远程代码执行漏洞批量检测https://github.com/biggerwing/CVE-2019-0708-pocPOC詳細
39dumphttps://github.com/n1xbyte/CVE-2019-0708POC詳細
40High level exploithttps://github.com/freeide/CVE-2019-0708POC詳細
41根据360的程序,整的CVE-2019-0708批量检测https://github.com/edvacco/CVE-2019-0708-POCPOC詳細
42My bot (badly written) to search and monitor cve-2019-0708 repositories https://github.com/pry0cc/BlueKeepTrackerPOC詳細
43Nonehttps://github.com/zjw88282740/CVE-2019-0708-win7POC詳細
44Scanner PoC for CVE-2019-0708 RDP RCE vulnhttps://github.com/victor0013/CVE-2019-0708POC詳細
45根据360Vulcan Team开发的CVE-2019-0708单个IP检测工具构造了个批量检测脚本而已https://github.com/herhe/CVE-2019-0708pocPOC詳細
46cve-2019-0708 vulnerablility scannerhttps://github.com/l9c/rdp0708scannerPOC詳細
47Nonehttps://github.com/major203/cve-2019-0708-scanPOC詳細
48Check vuln CVE 2019-0708https://github.com/SugiB3o/Check-vuln-CVE-2019-0708POC詳細
49Goby support CVE-2019-0708 "BlueKeep" vulnerability checkhttps://github.com/gobysec/CVE-2019-0708POC詳細
50Working proof of concept for CVE-2019-0708, spawns remote shell.https://github.com/smallFunction/CVE-2019-0708-POCPOC詳細
51CVE-2019-0708 PoC Exploithttps://github.com/freeide/CVE-2019-0708-PoC-ExploitPOC詳細
52A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability.https://github.com/robertdavidgraham/rdpscanPOC詳細
53cve-2019-0708 poc .https://github.com/closethe/CVE-2019-0708-POCPOC詳細
5450 first stargazers will get get the tool via emailhttps://github.com/SQLDebugger/CVE-2019-0708-ToolPOC詳細
55CVE-2019-0708https://github.com/Rostelecom-CERT/bluekeepscanPOC詳細
56Only Hitting PoC [Tested on Windows Server 2008 r2]https://github.com/Leoid/CVE-2019-0708POC詳細
57基于360公开的无损检测工具的可直接在windows上运行的批量检测程序https://github.com/ht0Ruial/CVE-2019-0708Poc-BatchScanningPOC詳細
58CVE-2019-0708 bluekeep 漏洞检测https://github.com/oneoy/BlueKeepPOC詳細
59Nonehttps://github.com/infiniti-team/CVE-2019-0708POC詳細
60Nonehttps://github.com/haishanzheng/CVE-2019-0708-generate-hostsPOC詳細
61Proof of concept for CVE-2019-0708https://github.com/Ekultek/BlueKeepPOC詳細
62CVE-2019-0708https://github.com/UraSecTeam/CVE-2019-0708POC詳細
63A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability. https://github.com/Gh0st0ne/rdpscan-BlueKeepPOC詳細
64An Attempt to Port BlueKeep PoC from @Ekultek to actual exploitshttps://github.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploitPOC詳細
65Nonehttps://github.com/JasonLOU/CVE-2019-0708POC詳細
66CVE-2019-0708批量蓝屏恶搞https://github.com/AdministratorGithub/CVE-2019-0708POC詳細
67CVE-2019-0708 - BlueKeep (RDP)https://github.com/umarfarook882/CVE-2019-0708POC詳細
68Python script to detect bluekeep vulnerability (CVE-2019-0708) with TLS/SSL and x509 supporthttps://github.com/HynekPetrak/detect_bluekeep.pyPOC詳細
69CVE-2019-0708批量检测https://github.com/Pa55w0rd/CVE-2019-0708POC詳細
70CVE-2019-0708-PoC It is a semi-functional exploit capable of remotely accessing a Windows computer by exploiting the aforementioned vulnerability, this repository also contains notes on how to complete the attack.https://github.com/at0mik/CVE-2019-0708-PoCPOC詳細
71CVE-2019-0708-Msf-验证https://github.com/cream-sec/CVE-2019-0708-Msf--POC詳細
72蓝屏pochttps://github.com/ZhaoYukai/CVE-2019-0708POC詳細
73改写某大佬写的0708蓝屏脚本 改为网段批量蓝屏https://github.com/ZhaoYukai/CVE-2019-0708-Batch-Blue-ScreenPOC詳細
74Nonehttps://github.com/wdfcc/CVE-2019-0708POC詳細
75POC CVE-2019-0708 with python script!https://github.com/cvencoder/cve-2019-0708POC詳細
76Nonehttps://github.com/ze0r/CVE-2019-0708-expPOC詳細
77Metasploit module for massive Denial of Service using #Bluekeep vector.https://github.com/mekhalleh/cve-2019-0708POC詳細
78CVE-2019-0708 Exploit Toolhttps://github.com/cve-2019-0708-poc/cve-2019-0708POC詳細
79Scanner PoC for CVE-2019-0708 RDP RCE vulnhttps://github.com/andripwn/CVE-2019-0708POC詳細
80Public work for CVE-2019-0708https://github.com/0xeb-bp/bluekeepPOC詳細
81收集网上CVE-2018-0708的poc和exp(目前没有找到exp)https://github.com/ntkernel0/CVE-2019-0708POC詳細
82rce exploit , made to work with pocsuite3https://github.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-POC詳細
83Research Regarding CVE-2019-0708.https://github.com/turingcompl33t/bluekeepPOC詳細
84Nonehttps://github.com/fade-vivida/CVE-2019-0708-testPOC詳細
85CVE-2019-0708 BlueKeep漏洞批量扫描工具和POC,暂时只有蓝屏。https://github.com/skommando/CVE-2019-0708POC詳細
86Metasploit module for CVE-2019-0708 (BlueKeep) - https://github.com/rapid7/metasploit-framework/tree/5a0119b04309c8e61b44763ac08811cd3ecbbf8d/modules/exploits/windows/rdphttps://github.com/RickGeex/msf-module-CVE-2019-0708POC詳細
87initial exploit for CVE-2019-0708, BlueKeep CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.https://github.com/wqsemc/CVE-2019-0708POC詳細
88CVE-2019-0708RDP MSFhttps://github.com/Micr067/CVE-2019-0708RDP-MSFPOC詳細
89CVE-2019-0708 With Metasploit-Framework Exploithttps://github.com/FrostsaberX/CVE-2019-0708POC詳細
90CVE-2019-0708 RCE远程代码执行getshell教程https://github.com/0x6b7966/CVE-2019-0708-RCEPOC詳細
91CVE-2019-0708-EXP(MSF) Vulnerability exploit program for cve-2019-0708https://github.com/qing-root/CVE-2019-0708-EXP-MSF-POC詳細
92Nonehttps://github.com/distance-vector/CVE-2019-0708POC詳細
93CVE-2019-0708 C#验证漏洞https://github.com/0xFlag/CVE-2019-0708-testPOC詳細
94Nonehttps://github.com/1aa87148377/CVE-2019-0708POC詳細
95it works on xp (all version sp2 sp3)https://github.com/coolboy4me/cve-2019-0708_bluekeep_rcePOC詳細
96ispy V1.0 - Eternalblue(ms17-010)/Bluekeep(CVE-2019-0708) Scanner and exploit ( Metasploit automation )https://github.com/Cyb0r9/ispyPOC詳細
97CVE-2019-0708https://github.com/lwtz/CVE-2019-0708POC詳細
98Nonehttps://github.com/ulisesrc/-2-CVE-2019-0708POC詳細
99CVE-2019-0708 (BlueKeep)https://github.com/worawit/CVE-2019-0708POC詳細
100Mass exploit for CVE-2019-0708https://github.com/Ameg-yag/WincrashPOC詳細
101CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shellhttps://github.com/cbwang505/CVE-2019-0708-EXP-WindowsPOC詳細
102这篇文章将分享Windows远程桌面服务漏洞(CVE-2019-0708),并详细讲解该漏洞及防御措施。作者作为网络安全的小白,分享一些自学基础教程给大家,主要是关于安全工具和实践操作的在线笔记,希望您们喜欢。同时,更希望您能与我一起操作和进步,后续将深入学习网络安全和系统安全知识并分享相关实验。总之,希望该系列文章对博友有所帮助,写文不易,大神们不喜勿喷,谢谢!https://github.com/eastmountyxz/CVE-2019-0708-WindowsPOC詳細
103CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7https://github.com/RICSecLab/CVE-2019-0708POC詳細
104Scanner CVE-2019-0708https://github.com/JSec1337/Scanner-CVE-2019-0708POC詳細
105vulnerabilidad CVE-2019-0708 testing y explotacion https://github.com/nochemax/bLuEkEeP-GUIPOC詳細
106Nonehttps://github.com/AaronCaiii/CVE-2019-0708-POCPOC詳細
107Scan through given ip listhttps://github.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-ExploitPOC詳細
108Nonehttps://github.com/go-bi/CVE-2019-0708-EXP-WindowsPOC詳細
109POC-CVE-2019-0708https://github.com/CircuitSoul/CVE-2019-0708POC詳細
110Nonehttps://github.com/pywc/CVE-2019-0708POC詳細
111Nonehttps://github.com/bibo318/kali-CVE-2019-0708-labPOC詳細
112Nonehttps://github.com/lisinan988/CVE-2019-0708-scanPOC詳細
113CVE-2019-0708 DOS RDPhttps://github.com/5l1v3r1/CVE-2019-0708-DOSPOC詳細
114Nonehttps://github.com/offensity/CVE-2019-0708POC詳細
115MS CVE 2019-0708 Python Exploithttps://github.com/CPT-Jack-A-Castle/Haruster-CVE-2019-0708-ExploitPOC詳細
116CVE-2019-0708, A tool which mass hunts for bluekeep vulnerability for exploitation.https://github.com/Ravaan21/Bluekeep-HunterPOC詳細
117Checker and exploit for Bluekeep CVE-2019-0708 vulnerabilityhttps://github.com/davidfortytwo/bluekeepPOC詳細
118a simple tool to detect the exploitation of BlueKeep vulnerability (CVE-2019-0708)https://github.com/tranqtruong/Detect-BlueKeepPOC詳細
119CVE-2019-0708 Exploit With 100% Success Ratio You Can Pay a reasonable Price for my hard Time Gone For this exploit https://github.com/jdouglas12a/CVE-2019-0708POC詳細
120Nonehttps://github.com/rasan2001/CVE-2019-0708POC詳細
121Nonehttps://github.com/adyanamul/Remote-Code-Execution-RCE-Exploit-BlueKeep-CVE-2019-0708-PoCPOC詳細
122Nonehttps://github.com/rasan2001/Microsoft-Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708POC詳細
123CVE Exploitation Reports: CVE-2007-3280, CVE-2017-0144, CVE-2019-0708https://github.com/DenuwanJayasekara/CVE-Exploitation-ReportsPOC詳細
124Nonehttps://github.com/hualy13/CVE-2019-0708-CheckPOC詳細
125Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Windows%20%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E6%9C%8D%E5%8A%A1%E6%BC%8F%E6%B4%9E%20CVE-2019-0708.mdPOC詳細
126Nonehttps://github.com/isabelacostaz/CVE-2019-0708-POCPOC詳細
127CVE Exploitation Reports: CVE-2007-3280, CVE-2017-0144, CVE-2019-0708https://github.com/denuwanjayasekara/CVE-Exploitation-ReportsPOC詳細
128A hands-on Windows 7 lab designed to demonstrate the real-world impact of the BlueKeep (CVE-2019-0708) vulnerability through practical exploitation and security analysis.https://github.com/GopeshKachhadiya/Windows-2POC詳細
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-0708のインテリジェンス情報

お願いします ログイン より多くのインテリジェンス情報を見る

Same Patch Batch · Microsoft · 2019-05-16 · 79 CVEs total

CVE-2019-0927Microsoft Edge和ChakraCore 缓冲区错误漏洞
CVE-2019-0929Microsoft Internet Explorer 缓冲区错误漏洞
CVE-2019-0893Microsoft Windows Jet Database Engine 缓冲区错误漏洞
CVE-2019-0931Microsoft Windows Storage Service 权限许可和访问控制问题漏洞
CVE-2019-0932Microsoft Skype for Android 信息泄露漏洞
CVE-2019-0930Microsoft Internet Explorer 信息泄露漏洞
CVE-2019-0926Microsoft Edge 缓冲区错误漏洞
CVE-2019-0925Microsoft Edge和ChakraCore 缓冲区错误漏洞
CVE-2019-0924Microsoft Edge和ChakraCore 缓冲区错误漏洞
CVE-2019-0923Microsoft Edge 缓冲区错误漏洞
CVE-2019-0872Microsoft Team Foundation Server和Microsoft Azure DevOps Server 跨站脚本漏洞
CVE-2019-0881Microsoft Windows Kernel 权限许可和访问控制问题漏洞
CVE-2019-0882Microsoft Windows Graphics Device Interface 信息泄露漏洞
CVE-2019-0884Microsoft Edge和Internet Explorer 缓冲区错误漏洞
CVE-2019-0885Microsoft Windows OLE 输入验证错误漏洞
CVE-2019-0886Microsoft Windows Hyper-V 输入验证错误漏洞
CVE-2019-0889Microsoft Windows Jet Database Engine 缓冲区错误漏洞
CVE-2019-0890Microsoft Windows Jet Database Engine 缓冲区错误漏洞
CVE-2019-0891Microsoft Windows Jet Database Engine 缓冲区错误漏洞
CVE-2019-0892Microsoft win32k 权限许可和访问控制问题漏洞

Showing 20 of 79 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Windows
同じベンダー: Microsoft

V. CVE-2019-0708へのコメント

匿名ユーザー
2026-01-15 06:09:08

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

コメントを残す