Signature Detail

POP3: Outlook Preview Pane Local Troubleshooter Query Overflow

This signature detects attempts to exploit a known vulnerability against an ActiveX control in Microsoft Outlook. The Local Troubleshooter ActiveX control has inadequate bounds for checking for its Query function; this exploit bypasses normal Outlook/IE ActiveX security controls. Attackers can create a malicious Web site that contains a call to this ActiveX control; this call contains an overly long string that overflows the control buffer, enabling the attacker to gain control of the target system with user privileges.

Extended Description

A vulnerability has been discovered in the Microsoft TroubleShooter ActiveX control. Because of this, it may be possible for a remote attacker to execute arbitrary with the privileges of a local user.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server

References

• BugTraq: 8833
• CVE: CVE-2003-0662
• URL: http://www.microsoft.com/technet/security/Bulletin/MS03-042.mspx