raptor
Oct 26 2003, 09:36 PM
Another vulnerability unpatched for remote attack...
no exploit found yet... (by me at least...)
Microsoft Windows 2000 Buffer Overflow in Windows Troubleshooter ActiveX Control
Secunia Advisory: SA10011
Release Date: 2003-10-15
Last Update: 2003-10-17
Critical: Highly critical
Impact: System access
Where: From remote
OS: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server
CVE reference: CAN-2003-0661
Description: Microsoft has issued patches to fix a vulnerability in the Windows Trouble Shooter ActiveX Control. This can be exploited by malicious HTML documents like web sites and emails to compromise a user's system.
The vulnerability is caused due to a boundary error in the Windows Trouble Shooter ActiveX Control's "RunQuery2" method. This can be exploited to cause a buffer overflow by supplying an overly long string to the first parameter. The ActiveX control is marked "safe for scripting" allowing any web site to reference it.
Successful exploitation allows execution of arbitrary code on a user's system.
The Windows Trouble Shooter ActiveX Control is installed by default on Windows 2000 systems.
Solution: Microsoft has issued patches:
The patches are available from WindowsUpdate or from:
Microsoft Windows 2000, Service Pack 2 http://www.microsoft.com/downloa...-D75BA5128EF9&displaylang=en
Microsoft Windows 2000, Service Pack 3, Service Pack 4 http://www.microsoft.com/downloa...-A2608EC56163&displaylang=en
Reported by / credits:
Greg Jones, KPMG UK
Cesar Cerrudo
Changelog: 2003-10-17: Added details in "Description" section.
Original Advisory: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp
Other References: http://support.microsoft.com/default.aspx?kbid=826232