Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
BID:1899
Info
| Bugtraq ID: | 1899 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 02 2000 12:00AM |
| Updated: | Nov 02 2000 12:00AM |
| Credit: | Discovered by USSR Labs and publicized in a Microsoft Security Bulletin (MS00-085) on November 2, 2000. |
| Vulnerable: | Microsoft Windows 2000 Server SP1; Microsoft Windows 2000 Server; Microsoft Windows 2000 Professional SP1; Microsoft Windows 2000 Professional; Microsoft Windows 2000 Datacenter Server SP1; Microsoft Windows 2000 Datacenter Server; Microsoft Windows 2000 Advanced Server SP1; Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | Microsoft Windows 2000 Server SP2; Microsoft Windows 2000 Professional SP2; Microsoft Windows 2000 Datacenter Server SP2; Microsoft Windows 2000 Advanced Server SP2 |
Exploit / POC
USSR has provided two example pages, at:
http://www.ussrback.com/microsoft/msmactivex.html
http://www.ussrback.com/microsoft/msmactivex2.html
Solution / Fix
Solution:
Microsoft has released the following patch which eliminates the vulnerability:
Microsoft Windows 2000 Professional
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Advanced Server SP1
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Datacenter Server
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Server SP1
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Advanced Server
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Professional SP1
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532
Microsoft Windows 2000 Server
- Microsoft Q278511: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532