Buffer Overflow in Windows Troubleshooter ActiveX Control

A vulnerability in Windows 2000 can result in the remote execution of arbitrary code on the vulnerable system under the security context of the logged-on user.

Ken Pfeil

October 16, 2003

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported October 15, 2003, by Microsoft.

VERSIONS AFFECTED

·        Windows 2000

DESCRIPTION

A vulnerability in Windows 2000 can result in the remote execution of arbitrary code on the vulnerable system under the security context of the logged-on user. This vulnerability is a result of a buffer overflow in the Troubleshooter ActiveX control (Tshoot.ocx). Because this control is marked "safe for scripting," an attacker can convince a user to use this control to view a specially crafted HTML page. The control is installed as a default part of the OS.

VENDOR RESPONSE

Microsoft has released security bulletin MS03-042, "Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)," which addresses this vulnerability, and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by Greg Jones ofKPMG UK andCesar Cerrudo.

About the Author

Ken Pfeil

Ken Pfeil

See more from Ken Pfeil
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a gavel at the center of a maze
Regulatory Compliance
Guide To Navigating the Legal Perils After a Cyber IncidentGuide To Navigating the Legal Perils After a Cyber Incident
byIan Horowitz
Sep 20, 2024
7 Min Read
4 different colored figures standing on different sized piles of coins
IT Management
6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists6 Decades After Civil Rights Act, Racial Pay Gap in IT Persists
byJoe Milan
Sep 19, 2024
9 Min Read
skills dial
IT Operations
ERP Skills Outpace AI in 2024 as Demand for IT Strategy SoarsERP Skills Outpace AI in 2024 as Demand for IT Strategy Soars
byNathan Eddy
Sep 23, 2024
7 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

screenshots of PowerShell code fly off of a laptop screen
PowerShell
PowerShell Screen Captures: How To Automate Screenshots in Your ScriptsPowerShell Screen Captures: How To Automate Screenshots in Your Scripts
tablet with "cloud computing" on the screen on top of financial documents and calculator
Cloud Computing
Guide to Cloud Computing ETFsGuide to Cloud Computing ETFs
A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello
PowerShell
PowerShell Speech Recognition: How To Set up Voice Commands and ResponsesPowerShell Speech Recognition: Set up Voice Commands and Responses
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

list of domains within the umbrella category of IT security
IT Security
What Is IT Security? Essentials of IT Security ExplainedWhat Is IT Security? Essentials of IT Security Explained
ITPro Today's tech careers quick reference guide cover
Career Management
Tech Careers: Quick Reference Guide to IT Job TitlesTech Careers: Quick Reference Guide to IT Job Titles