A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. Because this control is marked "safe for scripting", Internet Explorer will instantiate and script it from any Web page without prompting, so an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.
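The "safe for scripting" marking is what lets a Web page script the control at all, so the first thing to verify on a host is whether the control is registered with that component category and whether Internet Explorer has been told to refuse it (the kill bit in its ActiveX Compatibility list). The following PowerShell script is an added example, not part of this advisory or of Microsoft's patch; it assumes a Windows version that has PowerShell (Windows 2000 itself has none) and takes the control's file name as a parameter, so it also generalizes to any other registered control. The CLSID is looked up from the registry rather than assumed, since the advisory does not state it.

```powershell
# Added example (not from the advisory): find registered ActiveX controls whose
# in-process server binary matches a name pattern, and report whether each is
# marked safe for scripting / safe for initializing and whether IE's kill bit
# is set. The registry paths and category GUIDs are the standard ones; only
# the control file name is an assumption supplied by the caller.
param(
    [string]$BinaryPattern = 'tshoot.ocx'   # assumption: file name of the control to audit
)

# Well-known component category IDs a control registers to declare itself safe.
$CATID_SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CATID_SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
# Bit in "Compatibility Flags" that tells Internet Explorer never to load the control.
$KILLBIT = 0x400

function Get-ActiveXSafety {
    param([string]$Pattern)
    $results   = @()
    $clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    foreach ($key in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        $clsid  = $key.PSChildName
        # The (default) value of InprocServer32 is the path of the OCX/DLL.
        $server = (Get-ItemProperty -Path "$clsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if (-not $server -or $server -notmatch [regex]::Escape($Pattern)) { continue }

        # Presence of the category subkey is how the control declares itself safe.
        $catPath    = "$clsidRoot\$clsid\Implemented Categories"
        $safeScript = Test-Path "$catPath\$CATID_SafeForScripting"
        $safeInit   = Test-Path "$catPath\$CATID_SafeForInitializing"

        # IE's per-CLSID override; absent key means no kill bit.
        $compat  = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid" -ErrorAction SilentlyContinue
        $flags   = if ($compat) { [int]$compat.'Compatibility Flags' } else { 0 }
        $killBit = ($flags -band $KILLBIT) -ne 0

        $results += [pscustomobject]@{
            CLSID            = $clsid
            Server           = $server
            SafeForScripting = $safeScript
            SafeForInit      = $safeInit
            KillBitSet       = $killBit
        }
    }
    return $results
}

$found = Get-ActiveXSafety -Pattern $BinaryPattern
if (-not $found) {
    Write-Output "No registered control matches '$BinaryPattern' on this host."
} else {
    $found | Format-Table -AutoSize
    # A scriptable control with no kill bit is exactly the exposure the advisory describes.
    $found | Where-Object { $_.SafeForScripting -and -not $_.KillBitSet } |
        ForEach-Object { Write-Warning "$($_.CLSID) ($($_.Server)) is safe-for-scripting and not kill-bitted" }
}
```

Two caveats when reading the output. A control can also declare itself safe at run time by implementing IObjectSafety, which Internet Explorer queries before falling back to the registry categories, so a missing category key does not by itself prove the control is unscriptable. On 64-bit Windows the 32-bit browser consults the Wow6432Node copy of the ActiveX Compatibility key, which this script does not check.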
To exploit this vulnerability, the attacker could create a specially formed HTML-based e-mail and send it to the user. Alternatively, an attacker could host a malicious Web site that contained a Web page designed to exploit this vulnerability.
In the worst case, this vulnerability could allow an attacker to load malicious code onto a user's system and then to execute the code. The code would run in the context of the user. Therefore, the code is limited to any action that the legitimate user could take on the system. Any limitations on the user's account would also limit the actions of any arbitrary code that the attacker could execute.
The risk of attack from the HTML e-mail vector can be significantly reduced if the following conditions are met:
- You have applied the patch included with Microsoft Security Bulletin MS03-040
- You are using Internet Explorer 6 or later
- You are using the Microsoft Outlook Email Security Update, or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher, in their default configuration
These conditions address only the e-mail vector. A user who is persuaded to browse to a malicious Web page remains exposed until the control itself is patched.