Buffer Overflow In Windows Troubleshooter ActiveX Control (826232) Network Vulnerability

Summary

A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.

Solution

see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx

Severity

Classification

CVE CVE-2003-0661

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
Microsoft Windows Digital Signatures Denial of Service Vulnerability (2868626)
Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2813170)
Microsoft Exchange Server Multiple Vulnerabilities (3009712)

Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)

Take action and discover your vulnerabilities