Summary
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.
Solution
see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
Severity
Classification
-
CVE CVE-2003-0661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
- Microsoft Windows Digital Signatures Denial of Service Vulnerability (2868626)
- Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
- Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2813170)
- Microsoft Exchange Server Multiple Vulnerabilities (3009712)