Summary
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.
Solution
see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
Severity
Classification
-
CVE CVE-2003-0661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft FrontPage Information Disclosure Vulnerability (2825621)
- Microsoft Windows Media Center Remote Code Execution Vulnerability (2978742)
- Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2778344)
- Microsoft Windows Kernel Information Disclosure Vulnerability (2839229)
- Microsoft Windows SAMR Protocol Security Bypass Vulnerability (2934418)