#Security Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to execute code locally.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing the file could trigger this vulnerability.

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.