Buffer Overflow In Windows Troubleshooter ActiveX Control (826232) Network Vulnerability

Summary

A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.

Solution

see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx

Severity

Classification

CVE CVE-2003-0661
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
Microsoft .NET Framework Denial of Service Vulnerability (2990931)
Microsoft Lync Server Information Disclosure Vulnerability (2969258)
Flaw in Certificate Enrollment Control (Q323172)

Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)

Take action and discover your vulnerabilities