#rce

Use after free in vhdmp.sys allows an authorized attacker to execute code over a network.

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Microsoft Windows Codecs Library allows an authorized attacker to execute code locally.

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.