Microsoft Security Bulletin MS03-042: Buffer Overflow Could Allow Code Execution
Microsoft Security Bulletin MS03-042 Ranking & Summary
- License: Update
- Price: Free
- Publisher Name: By Microsoft
- Operating Systems: Windows 2000 SP 2, Windows 2000 SP 4, Windows 2000, Windows 2000 SP 3, Windows
- Additional Requirements: Windows 2000 SP 2, 3, 4
- File Size: list
- Total Downloads: 37
Microsoft Security Bulletin MS03-042 Description
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.

To exploit this vulnerability, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.

In the worst case, this vulnerability could allow an attacker to load malicious code onto a user's system and then to execute the code. The code would run in the context of the user. Therefore, the code is limited to any action that the legitimate user could take on the system. Any limitations on the user's account would also limit the actions of any arbitrary code that the attacker could execute.

The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:

- You have applied the patch included with Microsoft Security Bulletin MS03-040.
- You are using Internet Explorer 6 or later.
- You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.