Windows : Microsoft Bulletins : Buffer Overflow in Windows Troubleshooter ActiveX Control (826232, MS03-042)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.11887

Kategorie: Windows : Microsoft Bulletins

Titel: Buffer Overflow in Windows Troubleshooter ActiveX Control (826232, MS03-042)

Zusammenfassung: A security vulnerability exists in the Microsoft Local; Troubleshooter ActiveX control in Windows 2000.

Beschreibung: Summary:
A security vulnerability exists in the Microsoft Local
Troubleshooter ActiveX control in Windows 2000.

Vulnerability Insight:
The vulnerability exists because the ActiveX control
(Tshoot.ocx) contains a buffer overflow.

To exploit this vulnerability, the attacker would have to create a specially formed HTML based
e-mail and send it to the user.

Alternatively an attacker would have to host a malicious Web site that contained a Web page
designed to exploit this vulnerability.

Vulnerability Impact:
This flaw could allow an attacker to run code of their choice on
a user's system.

Affected Software/OS:
Microsoft Windows 2000.

Solution:
The vendor has released updates. Please see the references for
more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2003-0662
BugTraq ID: 8833
http://www.securityfocus.com/bid/8833
http://www.cert.org/advisories/CA-2003-27.html
CERT/CC vulnerability note: VU#989932
http://www.kb.cert.org/vuls/id/989932
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html
Microsoft Security Bulletin: MS03-042
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042
http://marc.info/?l=ntbugtraq&m=106632192709608&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237
http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html
XForce ISS Database: win2k-local-troubleshooter-bo(13423)
https://exchange.xforce.ibmcloud.com/vulnerabilities/13423

Copyright Copyright (C) 2003 Jeff Adams

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.11887
Kategorie:	Windows : Microsoft Bulletins
Titel:	Buffer Overflow in Windows Troubleshooter ActiveX Control (826232, MS03-042)
Zusammenfassung:	A security vulnerability exists in the Microsoft Local; Troubleshooter ActiveX control in Windows 2000.
Beschreibung:	Summary: A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in Windows 2000. Vulnerability Insight: The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow. To exploit this vulnerability, the attacker would have to create a specially formed HTML based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability. Vulnerability Impact: This flaw could allow an attacker to run code of their choice on a user's system. Affected Software/OS: Microsoft Windows 2000. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0662 BugTraq ID: 8833 http://www.securityfocus.com/bid/8833 http://www.cert.org/advisories/CA-2003-27.html CERT/CC vulnerability note: VU#989932 http://www.kb.cert.org/vuls/id/989932 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html Microsoft Security Bulletin: MS03-042 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042 http://marc.info/?l=ntbugtraq&m=106632192709608&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237 http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html XForce ISS Database: win2k-local-troubleshooter-bo(13423) https://exchange.xforce.ibmcloud.com/vulnerabilities/13423
Copyright	Copyright (C) 2003 Jeff Adams