Vulnerability Note VU#183397

Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow

Original Release date: 23 May 2002 | Last revised: 23 May 2002

Overview

There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000.

Description

The System Monitor ActiveX control (sysmon.ocx) included with Windows 2000 contains a buffer overflow. For more information, see


The class id for this control is C4D2D8E0-D1DD-11CE-940F-008029004347.

Impact

Intruders who can script the control (e.g. by constructing a malicious web page or email message) can execute arbitrary code with the privileges of the victim.

Solution

Apply a patch as described in the Microsoft bulletin.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MicrosoftAffected-23 May 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Our thanks to Microsoft and Underground Security Systems Research and for the information contained in their advisories.

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: CVE-2000-1034
  • Date Public: 02 Nov 2000
  • Date First Published: 23 May 2002
  • Date Last Updated: 23 May 2002
  • Document Revision: 4

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.