CVE-2005-1794

HIGH

Microsoft Terminal Server <5.2 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1794. PoCs published by InitRoot.

AI-analyzed exploit summary This repository contains a Python-based scanner for CVE-2005-1794, which targets a vulnerability in Microsoft's Remote Desktop Protocol (RDP). The script checks for the presence of the vulnerability by analyzing server certificates and comparing signatures, but it does not include exploit code for achieving remote code execution.

Description

Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

Exploits (1)

nomisec SCANNER 1 stars
by InitRoot · poc
https://github.com/InitRoot/CVE-2005-1794Scanner

This repository contains a Python-based scanner for CVE-2005-1794, which targets a vulnerability in Microsoft's Remote Desktop Protocol (RDP). The script checks for the presence of the vulnerability by analyzing server certificates and comparing signatures, but it does not include exploit code for achieving remote code execution.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Remote Desktop Protocol (RDP)
No auth needed
Prerequisites: Network access to the target RDP service (port 3389)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15605/
Vendor Advisory x_refsource_misc
http://www.oxid.it/downloads/rdp-gbu.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13818
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12441

Scores

CVSS v3 7.4
EPSS 0.1619
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (2)
microsoft/remote_desktop_connection 5.1.2600.2180
microsoft/windows_terminal_services_using_rdp 5.2
Published Jun 01, 2005
Tracked Since Feb 18, 2026