Summary
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.
Solution
see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
Severity
Classification
-
CVE CVE-2003-0661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
- Microsoft .NET Framework Denial of Service Vulnerability (2990931)
- Microsoft Lync Server Information Disclosure Vulnerability (2969258)
- Flaw in Certificate Enrollment Control (Q323172)