| VID |
26062 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (KB826232) for the 'Buffer Overflow in Windows Troubleshooter ActiveX Control' has not been applied. A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability results because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. To exploit this vulnerability, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability. In the worst case, this vulnerability could allow an attacker to load malicious code onto a user's system and then to execute the code.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms03-042.asp
* Platforms Affected: Windows 2000 SP4 and earlier |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-042 at http://www.microsoft.com/technet/security/bulletin/ms03-042.asp
1. Open the following page to download the patch:
   * For Microsoft Windows 2000, Service Pack 2: http://www.microsoft.com/downloads/details.aspx?FamilyId=48D16574-9B17-463B-A5D2-D75BA5128EF9
   * For Microsoft Windows 2000, Service Pack 3, Service Pack 4: http://www.microsoft.com/downloads/details.aspx?FamilyId=FC1FD84B-B3A4-43F5-804B-A2608EC56163
2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download this patch file.
4. Run this file to install the patch.
5. Restart your system to complete the installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0661 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|