BID:1899

Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

Info

Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

Bugtraq ID:	1899
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Nov 02 2000 12:00AM
Updated:	Nov 02 2000 12:00AM
Credit:	Discovered by USSR Labs <[email protected]> and publicized in a Microsoft Security Bulletin (MS00-085) on November 2, 2000.
Vulnerable:	Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server + Avaya DefinityOne Media Servers + Avaya IP600 Media Servers + Avaya S3400 Message Application Server 0 + Avaya S8100 Media Servers 0 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server

Not Vulnerable:	Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Advanced Server SP2

Exploit / POC

Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

USSR has provided two example pages, at:
http://www.ussrback.com/microsoft/msmactivex.html
http://www.ussrback.com/microsoft/msmactivex2.html

Solution / Fix

Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

Solution:
Microsoft has released the following patch which eliminates the vulnerability:

Microsoft Windows 2000 Professional

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Advanced Server SP1

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Datacenter Server

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Datacenter Server SP1

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Server SP1

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Advanced Server

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Professional SP1

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

Microsoft Windows 2000 Server

Microsoft Q278511
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532