SecurityTracker.com
SecurityTracker
Archives
Category:   OS (Windows)  >   Microsoft Terminal Services Advanced Client (TSAC)    Vendors:   Microsoft
Microsoft Terminal Services Advanced Client (TSAC) ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005120
SecurityTracker URL:  http://securitytracker.com/id/1005120
CVE Reference:   CVE-2002-0726   (Links to External Site)
Date:  Aug 22 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Any version of Windows
Description:   A buffer overflow was reported in the Terminal Services Advanced Client (TSAC) ActiveX control for Microsoft Windows operating systems. A remote user can cause the control to execute arbitrary code.

The ActiveX control is reportedly used to run Terminal Services sessions within Internet Explorer (IE) and is distributed by web sites that offer terminal services (it is not installed by default as part of Windows). It is reported that there is an unchecked buffer in the code that processes one of the input parameters.

A remote user could create HTML that, when loaded by the target user, would call the vulnerable ActiveX control and execute arbitrary code on the target user's system. The code would run in the security context of the target user. The code could take any desired action on the user's system, acting as the target user.
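
The defect class described above, an input parameter copied into a fixed-size buffer with no length check, modelled here as an added illustration in C. This is not Microsoft's TSAC code and is not taken from the bulletin: the buffer size (PARAM_MAX), the field placed after it (guard), the setter names and the parameter values are all assumptions, since the page does not name the affected parameter or its buffer layout. The vulnerable setter is shown beside a bounded one so the difference in behaviour on an over-long value can be observed.

```c
/* Added example: unchecked vs. bounded parameter setter for an ActiveX-style
 * control. Hypothetical names and sizes; not the real TSAC implementation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 32   /* assumed size of the control's parameter buffer */
#define GUARD_MAX 8    /* assumed bytes right after it (e.g. a saved pointer) */

/* Small model of the control's memory: the parameter buffer followed by a
 * field an attacker would want to corrupt. Keeping both inside one struct
 * makes the overrun observable without undefined behaviour in the demo. */
struct control_mem {
    uint8_t param[PARAM_MAX];
    uint8_t guard[GUARD_MAX];  /* stands in for a return address / vtable pointer */
};

static void mem_init(struct control_mem *m)
{
    memset(m->param, 0, PARAM_MAX);
    memset(m->guard, 0x41, GUARD_MAX);  /* sentinel 'A' bytes, easy to check later */
}

/* VULNERABLE: copies the caller-supplied value byte by byte until NUL with no
 * bound on the destination, i.e. the "unchecked buffer" pattern. The only
 * limit is the size of the model itself, so the demo stays well defined.
 * Returns the number of bytes written. */
static size_t set_param_unchecked(struct control_mem *m, const char *value)
{
    uint8_t *dst = (uint8_t *)m;      /* raw view: param is at offset 0 */
    size_t limit = sizeof(*m);
    size_t i = 0;
    while (value[i] != '\0' && i < limit) {
        dst[i] = (uint8_t)value[i];   /* past PARAM_MAX this lands in guard */
        i++;
    }
    if (i < limit)
        dst[i] = 0;
    return i;
}

/* HARDENED: refuse a value that does not fit (including its terminator),
 * then copy with an explicit length. memchr bounds the scan so a value
 * lacking a terminator within PARAM_MAX bytes is rejected, not over-read. */
static bool set_param_checked(struct control_mem *m, const char *value)
{
    const char *end = memchr(value, '\0', PARAM_MAX);
    if (end == NULL)               /* no terminator in range: too long */
        return false;
    size_t n = (size_t)(end - value);
    memcpy(m->param, value, n);
    m->param[n] = 0;
    return true;
}

/* True while the sentinel bytes after the buffer are untouched. */
static bool guard_intact(const struct control_mem *m)
{
    for (size_t i = 0; i < GUARD_MAX; i++)
        if (m->guard[i] != 0x41)
            return false;
    return true;
}

/* Runs both setters against a benign value and a constructed over-long one.
 * Returns true when the unchecked path corrupted the guard bytes and the
 * checked path rejected the same input without touching them. */
static bool demo(void)
{
    char attack[PARAM_MAX + GUARD_MAX];   /* constructed input: 39 x 'B' + NUL */
    memset(attack, 'B', sizeof(attack) - 1);
    attack[sizeof(attack) - 1] = '\0';

    struct control_mem m;
    mem_init(&m);
    set_param_unchecked(&m, "server=rdp.example.test");  /* fits: 23 bytes */
    bool benign_ok = guard_intact(&m);

    mem_init(&m);
    set_param_unchecked(&m, attack);
    bool vuln_corrupted = !guard_intact(&m);

    mem_init(&m);
    bool rejected = !set_param_checked(&m, attack);
    bool checked_ok = guard_intact(&m);

    return benign_ok && vuln_corrupted && rejected && checked_ok;
}

int main(void)
{
    printf("unchecked setter corrupted adjacent memory, checked setter rejected input: %s\n",
           demo() ? "yes" : "no");
    return 0;
}
```

In a real control the bytes past the buffer are whatever the compiler placed there (stack return address, heap metadata, an object's vtable pointer), which is why a control reachable from any web page with an attacker-chosen parameter value is a code-execution bug rather than a crash.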

Microsoft has assigned a Severity Rating of Low for Internet and Intranet Servers and Moderate for Client Systems.

Microsoft credits Ollie Whitehouse of @Stake for reporting this flaw.

Impact:   A remote user can execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Microsoft has issued several patches.

Webmasters whose sites offer terminal services should install the patch at:

http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp

Customers should install the latest IE cumulative patch (this is described in Microsoft Security Bulletin MS02-047, which is addressed in a separate security alert).

Microsoft reports that the TSAC Web Package can be hosted on systems running Windows NT 4.0, Terminal Server Edition, Windows 2000, and Windows XP.

Microsoft plans to include the updated TSAC ActiveX control in Windows XP SP1.

Microsoft plans to issue Knowledge Base article Q327521 regarding this issue, to be available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/?scid=fh;en-us;kbhowto

Please review the Microsoft Bulletin MS02-046 (available at the Vendor URL) for some important information regarding patch installation.

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS02-046.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  MS02-046


http://www.microsoft.com/technet/security/bulletin/MS02-046.asp

OS:  Windows (Any)

Microsoft Terminal Services Advanced Client (TSAC) ActiveX Control
Buffer Overflow Lets Remote Users Execute Arbitrary Code

A buffer overflow was reported in the Terminal Services Advanced Client
(TSAC) ActiveX control for Microsoft Windows operating systems.  A
remote user can cause the control to execute arbitrary code.

The ActiveX control is reportedly used to run Terminal Services sessions
within Internet Explorer (IE) and is distributed by web sites that offer
terminal services (it is not installed by default as part of Windows). 
It is reported that there is an unchecked buffer in the code that
processes one of the input parameters.

A remote user could create HTML that, when loaded by the target user,
would call the vulnerable ActiveX control and execute arbitrary code on
the target user's system.  The code would run in the security context of
the target user.  The code could take any desired action on the user's
system, acting as the target user.

Microsoft has assigned a Severity Rating of Low for Internet and
Intranet Servers and Moderate for Client Systems.



Microsoft has issued several patches.

Webmasters whose sites offer terminal services should install the patch
at:

http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp 

Customers should install the latest IE cumulative patch (this is
described in Microsoft Security Bulletin MS02-047, which is addressed in
a separate security alert). 

Microsoft reports that the TSAC Web Package can be hosted on systems
running Windows NT 4.0, Terminal Server Edition, Windows 2000, and
Windows XP.

Microsoft plans to include the updated TSAC ActiveX control in Windows
XP SP1. 

Microsoft plans to issue Knowledge Base article Q327521 regarding this
issue, to be available shortly on the Microsoft Online Support web site:

Please review the Microsoft Bulletin MS02-046 (available at the Vendor
URL) for some important information regarding patch installation.


Bulletin Number:  MS02-046

Bug Number/Patch Number:  Q327521

CVE Number:  CAN-2002-0726


Copyright 2021, SecurityGlobal.net LLC