Buffer Overflow In Windows Troubleshooter ActiveX Control (826232) Network Vulnerability

Summary

A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.

Solution

see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx

Severity

Classification

CVE CVE-2003-0661

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
Microsoft Windows Search Script Execution Vulnerability (963093)
Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)

Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)

Take action and discover your vulnerabilities