- home
- reviews
- news
- downloads
- cnet tv
HOLIDAY HELP DESK: Broadcasting live at 1:00 p.m., PT
- log in
- join CNET
- welcome,
- my profile
- log out

Microsoft Security Bulletin MS03-042 826232

Quick specs
Price: Update $1.00 to buy
Operating system: Windows 2000/SP 2/3/4
Date added: October 15, 2003
Total Downloads: 12
Downloads last week: 3
See full specifications

Add to my list Add to my Watch List

Download Now

Tested spyware free

Average user rating: Be the first to rate this product!

Publisher's description

From Microsoft :

A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user?s system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.

To exploit this vulnerability, the attacker would have to create a specially formed HTML?based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.

In the worst case, this vulnerability could allow an attacker to load malicious code onto a user's system and then to execute the code. The code would run in the context of the user. Therefore, the code is limited to any action that the legitimate user could take on the system. Any limitations on the user's account would also limit the actions of any arbitrary code that the attacker could execute.

The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:

You have applied the patch included with Microsoft Security bulletin MS03-040
You are using Internet Explorer 6 or later
You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.

Xcelsius Engage 2008

Create dashboards from any data source with point-and-click ease.

Download Now

More popular Programming Software downloads

471 downloads 1. Intel Parallel Studio
464 downloads 2. CD-LabelPrint
464 downloads 3. Microsoft Visual Studio 2008 Service Pack 1
159 downloads 4. RRT - Remove Restrictions Tool
145 downloads 5. Microsoft Small Basic
See all Programming Software downloads

Blackberry Starter Kit

If your BlackBerry is missing these essential apps, you're missing out.

Download Now

User reviews

Write your own review Be the first one to review Microsoft Security Bulletin MS03-042 826232 and share your experience with the CNET community!

Submit your review

Microsoft Security Bulletin MS03-042 826232

ORLog in with your Facebook account

1. Rate this product:: (Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.): 0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.): 0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.): 0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.): 0 of 5000 characters; Submit

See more CNET content tagged:: ActiveX Control,; Microsoft Outlook,; attacker,; code,; vulnerability

Optimize HPC.
Intel® Visual Fortran Compiler Professional 11.0 for Windows.
Download Now Learn More
Accelerate performance.
Intel® C++ Compiler Professional 11.0 for Windows.
Download Now Learn More
Optimized threading.
Intel® Parallel Studio: Breakthrough for Windows developers.
Download Now Learn More