Your RDP Clipboard will get you compromised

Exploit steps

If a client uses the “Copy & Paste” feature over an RDP connection, a malicious RDP server can transparently drop arbitrary files to arbitrary file locations on the client’s computer, limited only by the permissions of the client. For example, drop malicious scripts to the client’s “Startup” folder, and after a reboot they will be executed on his computer, giving full control.

The research

The research was performed by Checkpoint, and they have published a full step by step article which explains how it is possible to exploit the RDP sessions via clipboards.