Alert: Microsoft Security Bulletin MS03-042 - Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/21/03
Date: Tue, 21 Oct 2003 17:17:45 -0400
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp
Summary:
Version Number: V1.0
Revision Date: 10-15-2003
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: None
CVE Number(s): CAN-2003-0662
Tested Software:
Affected Software:
* Microsoft Windows 2000, Service Pack 2
<http://www.ntbugtraq.com/link/48D16574-9B17-463B-A5D2-D75BA5128EF9.asp>
* Microsoft Windows 2000, Service Pack 3, Service Pack 4
<http://www.ntbugtraq.com/link/FC1FD84B-B3A4-43F5-804B-A2608EC56163.asp>
Software Not Affected:
* Microsoft Windows NT 4.0
* Microsoft Windows NT Server 4.0, Terminal Server Edition
* Microsoft Windows Millennium Edition
* Microsoft Windows XP
* Microsoft Windows Server 2003
Technical Description:

A security vulnerability exists in the Microsoft Local Troubleshooter
ActiveX control. The vulnerability exists because the ActiveX control
(Tshoot.ocx) contains a buffer overflow that could allow an attacker to
run code of their choice on a user's system. Because this control is
marked "safe for scripting", an attacker could exploit this
vulnerability by convincing a user to view a specially crafted HTML page
that references this ActiveX control. The Microsoft Local Troubleshooter
ActiveX control is installed as a default part of the operating system
on Windows 2000.

To exploit this vulnerability, the attacker would have
to create a specially formed HTML-based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that
contained a Web page designed to exploit this vulnerability.

In the
worst case, this vulnerability could allow an attacker to load malicious
code onto a user's system and then to execute the code. The code would
run in the context of the user. Therefore, the code is limited to any
action that the legitimate user could take on the system. Any
limitations on the user's account would also limit the actions of any
arbitrary code that the attacker could execute.

The risk of attack from
the HTML email vector can be significantly reduced if the following
conditions are met:
* You have applied the patch included with Microsoft Security bulletin
MS03-040
* You are using Internet Explorer 6 or later
* You are using the Microsoft Outlook Email Security Update or
Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or
higher in their default configuration.
This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
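
Added example (not part of the bulletin or of any Microsoft tooling): an offline audit of a `regedit` export that finds every COM class whose in-process server is Tshoot.ocx and reports whether it is registered in the safe-for-scripting category and whether Internet Explorer's kill bit is set for it. The CLSID in the sample is a constructed placeholder, and the kill-bit check is a standard Internet Explorer mechanism that the bulletin text above does not itself mention; a control can also declare itself script-safe at run time through IObjectSafety, which a registry audit cannot see.

```python
import re

# Well-known category ID a control registers to declare itself "safe for scripting".
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
KILL_BIT = 0x400  # "Compatibility Flags" bit: Internet Explorer refuses to load the control
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
KEY_RE = re.compile(r"^\[(.+)\]$")
CLSID_RE = re.compile(r"\\CLSID\\" + GUID + r"\\(.+)$", re.I)
COMPAT_RE = re.compile(r"\\ActiveX Compatibility\\" + GUID + r"$", re.I)

# Constructed sample export; the CLSID is a placeholder, not the real control's.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\WINNT\\System32\\tshoot.ocx"

[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
"""

def audit(reg_text, filename="tshoot.ocx"):
    """Map each CLSID served by `filename` to its script-safe and kill-bit state."""
    servers, safe, killed, key = {}, set(), set(), ""
    for line in (raw.strip() for raw in reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:  # section header: remember the key, note category registrations
            key = m.group(1)
            c = CLSID_RE.search(key)
            if c and c.group(2).upper() == "IMPLEMENTED CATEGORIES\\" + CATID_SAFE_FOR_SCRIPTING:
                safe.add(c.group(1).upper())
            continue
        c, k = CLSID_RE.search(key), COMPAT_RE.search(key)
        if c and c.group(2).lower() == "inprocserver32" and line.startswith("@="):
            # .reg string values double their backslashes
            servers[c.group(1).upper()] = line[2:].strip('"').replace("\\\\", "\\")
        elif k and line.lower().startswith('"compatibility flags"=dword:'):
            if int(line.split(":", 1)[1], 16) & KILL_BIT:
                killed.add(k.group(1).upper())
    return {clsid: {"safe_for_scripting": clsid in safe, "kill_bit": clsid in killed}
            for clsid, path in servers.items()
            if path.lower().endswith("\\" + filename.lower())}

if __name__ == "__main__":
    for clsid, state in audit(SAMPLE).items():
        print(clsid, state)
```

Exports written in the "Windows Registry Editor Version 5.00" format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit`.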