Signature Detail

HTTP: Internet Explorer: Local Troubleshooter Query Overflow

This signature detects attempts to exploit a known vulnerability against an ActiveX control in Microsoft Outlook. The Local Troubleshooter ActiveX control has inadequate bounds for checking for its Query function; this exploit bypasses normal Outlook/IE ActiveX security controls. Attackers can create a malicious Web site that contains a call to this ActiveX control; this call contains an overly long string that overflows the control buffer, enabling the attacker to gain control of the target system with user privileges.

Extended Description

Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.

Affected Products

• Microsoft windows_2000 (:advanced_server)
• Microsoft windows_2000 (:datacenter_server)
• Microsoft windows_2000 (:professional)
• Microsoft windows_2000 (:server)
• Microsoft windows_2000 (sp1)
• Microsoft windows_2000 (sp1:advanced_server)
• Microsoft windows_2000 (sp1:datacenter_server)
• Microsoft windows_2000 (sp1:professional)
• Microsoft windows_2000 (sp1:server)
• Microsoft windows_2000 (sp2)
• Microsoft windows_2000 (sp2:advanced_server)
• Microsoft windows_2000 (sp2:datacenter_server)
• Microsoft windows_2000 (sp2:professional)
• Microsoft windows_2000 (sp2:server)
• Microsoft windows_2000 (sp3)
• Microsoft windows_2000 (sp3:advanced_server)
• Microsoft windows_2000 (sp3:datacenter_server)
• Microsoft windows_2000 (sp3:professional)
• Microsoft windows_2000 (sp3:server)
• Microsoft windows_2000 (sp4)
• Microsoft windows_2000 (sp4:advanced_server)
• Microsoft windows_2000 (sp4:datacenter_server)
• Microsoft windows_2000 (sp4:professional)
• Microsoft windows_2000 (sp4:server)

References

• BugTraq: 8833
• CVE: CVE-2003-0662
• URL: http://www.microsoft.com/technet/security/Bulletin/MS03-042.mspx