Alert: Microsoft Security Bulletin MS03-042 - Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)

From: Russ (Russ.CooperRC.ON.CA)
Date: Wed Oct 15 2003 - 18:37:09 CDT


Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp

Summary:

  Version Number: V1.0
  Revision Date: 10-15-2003
  Patch(es) Replaced: None
  Caveats: None
  CVE Number(s): CAN-2003-0661

Tested Software:
  Affected Software:
  * Microsoft Windows 2000, Service Pack 2
  * Microsoft Windows 2000, Service Pack 3, Service Pack 4

  Software Not Affected:
  * Microsoft Windows NT 4.0
  * Microsoft Windows NT Server 4.0, Terminal Server Edition
  * Microsoft Windows Millennium Edition
  * Microsoft Windows XP
  * Microsoft Windows Server 2003

Technical Description:
A security vulnerability exists in the Microsoft Local Troubleshooter
ActiveX control. The vulnerability exists because the ActiveX control
(Tshoot.ocx) contains a buffer overflow that could allow an attacker to
run code of their choice on a user's system. Because this control is
marked "safe for scripting", an attacker could exploit this
vulnerability by convincing a user to view a specially crafted HTML page
that references this ActiveX control. The Microsoft Local Troubleshooter
ActiveX control is installed as a default part of the operating system
on Windows 2000.

To exploit this vulnerability, the attacker would have to create a
specially formed HTML-based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that
contained a Web page designed to exploit this vulnerability.

In the worst case, this vulnerability could allow an attacker to load
malicious code onto a user's system and then to execute the code. The
code would run in the context of the user. Therefore, the code is
limited to any action that the legitimate user could take on the system.
Any limitations on the user's account would also limit the actions of
any arbitrary code that the attacker could execute.

The risk of attack from the HTML email vector can be significantly
reduced if the following conditions are met:
  * You have applied the patch included with Microsoft Security bulletin
    MS03-040
  * You are using Internet Explorer 6 or later
  * You are using the Microsoft Outlook Email Security Update or
    Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000
    or higher in their default configuration.

This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
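
Added example, not part of the bulletin or of the original post: a small
audit that reads a regedit export from a Windows 2000 host and reports how
Tshoot.ocx is registered, including whether it carries the "safe for
scripting" category described above. It assumes a "Version 5.00" text export
covering HKEY_CLASSES_ROOT\CLSID and the Internet Explorer "ActiveX
Compatibility" key; the CLSIDs in the sample are constructed placeholders,
and the kill-bit check is a standard Internet Explorer mechanism that the
bulletin itself does not mention.

```python
import re

SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA8-00AA006C42C4}"  # CATID_SafeForScripting
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating a control
COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY"
CLSID_KEY = re.compile(r"HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]+\})\\INPROCSERVER32")

# Constructed sample export. The CLSIDs are placeholders, not the control's real CLSID.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000AAAA}\InprocServer32]
@="C:\\WINNT\\System32\\tshoot.ocx"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000AAAA}\Implemented Categories\{7DD95801-9882-11CF-9FA8-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000BBBB}\InprocServer32]
@="C:\\WINNT\\System32\\other.dll"
'''

def parse_reg(text):
    """Map each key path (upper-cased) to its {value name: raw data} pairs."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex(...) continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"').upper()] = data
    return keys

def decode(raw):
    """Decode a REG_SZ or REG_EXPAND_SZ (hex(2), UTF-16LE) value to text."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\0")
    return raw.strip('"').replace("\\\\", "\\")

def audit(text, filename="tshoot.ocx"):
    """Report each CLSID served by `filename` with its scripting and kill-bit state."""
    keys, findings = parse_reg(text), []
    for path, values in keys.items():
        m = CLSID_KEY.fullmatch(path)
        server = decode(values.get("@", "")) if m else ""
        if not server.lower().endswith("\\" + filename.lower()):
            continue
        clsid = m.group(1)
        cat = "\\".join(("HKEY_CLASSES_ROOT", "CLSID", clsid, "IMPLEMENTED CATEGORIES", SAFE_FOR_SCRIPTING))
        flags = keys.get(COMPAT + "\\" + clsid, {}).get("COMPATIBILITY FLAGS", "dword:0")
        findings.append({"clsid": clsid, "server": server, "safe_for_scripting": cat in keys,
                         "kill_bit": bool(int(flags.split(":")[1], 16) & KILL_BIT)})
    return findings
```

A control can also declare itself safe for scripting at run time through
IObjectSafety, which a registry export does not show, so a False result here
is not proof that the control cannot be scripted.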
