Summary
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.
Solution
see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
Severity
Classification
-
CVE CVE-2003-0661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
- Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
- Microsoft Windows Search Script Execution Vulnerability (963093)
- Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
- Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)