Vulnerability Note VU#989932
Microsoft contains a buffer overflow in the Local Troubleshooter ActiveX control (Tshoot.ocx)
Microsoft Windows ships with a troubleshooting application to assist users with problems. A vulnerability in this application may permit a remote attacker to execute arbitrary code with the privileges of the current user.
Microsoft Windows 2000 ships with an ActiveX control (Tshoot.ocx) that is a troubleshooting application to assist users with various system problems. A buffer overflow vulnerability exists in this control that may permit a remote attacker to execute arbitrary code with the privileges of the current user. Since this control is marked Safe for Scripting, a remote attacker who could trick the victim into viewing a crafted HTML web site, or HTML-based email message may be able to exploit this vulnerability.
It should be noted that the Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.
Exploitation of this vulnerability could lead to the arbitrary execution of code with the privileges of the current user.
Microsoft has released patches in MS03-042 and Knowledgebase Article 826232 to address this issue. Apply the patches as appropriate.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||16 Oct 2003|
CVSS Metrics (Learn More)
This vulnerability was reported in a Microsoft Security Bulletin.
This document was written by Jason A Rafail and is based on MS03-042.
- CVE IDs: CAN-2003-0661
- Date Public: 15 Oct 2003
- Date First Published: 16 Oct 2003
- Date Last Updated: 16 Oct 2003
- Severity Metric: 25.31
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.