Microsoft Terminal Services Advanced Client buffer overflow allows malicious code execution
Risk
High
Date Discovered
08-28-2002
Description
The ActiveX component of Microsoft Terminal Services Advanced Client (TSAC) does not check the length of one of its parameters before copying it into a fixed-size buffer. Supplying an overlong value overflows that buffer and can be used to execute arbitrary code. The vulnerability can be exploited from a Web page or through HTML email.
Microsoft offers TSAC functionality over the Web through the TSAC ActiveX control, which is an optional component installed by end-users.
An attacker can exploit this vulnerability by crafting an HTML page that instantiates the control with an overlong parameter value and hosting it on a Web site, or by delivering the same HTML as an email message or as an email attachment. When the user opens the page or message, the control is loaded, the overflow occurs, and the attacker's code runs with the privileges of the logged-on user.
This vulnerability can be exploited only on client systems where the TSAC control has already been installed, typically by visiting an IIS server that hosts the control. The server hosting the control is not itself at risk, because the control is shipped in a cabinet file and is never executed on the server. The email vector is blocked on systems where Outlook 98 or Outlook 2000 is used with the Outlook Email Security Update, or where Outlook Express 6 or Outlook 2002 is used in its default configuration, because those configurations open HTML mail in the Restricted Sites zone, in which ActiveX controls do not run; the Web page vector still applies to such systems.
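The bug class described above, modeled in C as an added illustration (this is not code from the advisory, from Microsoft, or from the TSAC control). The struct layout, the field names, the 64-byte buffer size and the overlong parameter value are all constructed for the demo; the advisory does not name the affected parameter or disclose the control's internals. The vulnerable setter copies the page-supplied value with no length check, and the adjacent field shows what the overflow overwrites; the hardened setter validates the length first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed stand-in for a control's per-instance state. A string property
 * set from the hosting page (e.g. via <param name="..." value="...">) lands in
 * `param`. The layout and sizes are assumptions made for this example.
 */
#define PARAM_MAX 64

struct control_state {
    char     param[PARAM_MAX];  /* receives the page-supplied property value */
    uint32_t connected;         /* adjacent state; overwritten by an overflow  */
    char     spare[64];         /* constructed padding so the demo overflow stays inside this object */
};

/* Vulnerable pattern: the attacker controls the length of the copy. */
static int set_param_vulnerable(struct control_state *st, const char *value)
{
    strcpy(st->param, value);   /* no bound: writes strlen(value)+1 bytes */
    return 0;
}

/* Hardened pattern: validate the length before touching the buffer. */
static int set_param_hardened(struct control_state *st, const char *value)
{
    /* The terminator must appear within the buffer, or the value is too long. */
    const char *nul = memchr(value, '\0', PARAM_MAX);
    if (nul == NULL)
        return -1;              /* reject rather than truncate silently */
    memcpy(st->param, value, (size_t)(nul - value) + 1);
    return 0;
}

/* Build the kind of value a malicious <param value="..."> would deliver:
   PARAM_MAX + 16 bytes of 'A', so the copy runs 16 bytes past the buffer. */
static void make_overlong_value(char *out, size_t cap)
{
    size_t len = PARAM_MAX + 16;
    if (len >= cap)
        len = cap - 1;
    memset(out, 'A', len);
    out[len] = '\0';
}

/* Value of `connected` after the vulnerable setter has run on the overlong
   input. 0x41414141 shows the field was clobbered by the attacker's bytes. */
uint32_t connected_after_vulnerable(void)
{
    struct control_state st;
    char value[PARAM_MAX + 32];
    memset(&st, 0, sizeof st);
    make_overlong_value(value, sizeof value);
    set_param_vulnerable(&st, value);
    return st.connected;
}

/* 1 if the hardened setter rejected the overlong value and left the adjacent
   field untouched, 0 otherwise. */
int hardened_rejects_overlong(void)
{
    struct control_state st;
    char value[PARAM_MAX + 32];
    memset(&st, 0, sizeof st);
    make_overlong_value(value, sizeof value);
    return set_param_hardened(&st, value) == -1 && st.connected == 0;
}

/* 1 if the hardened setter accepts `value` and stores it intact, 0 otherwise. */
int hardened_accepts(const char *value)
{
    struct control_state st;
    memset(&st, 0, sizeof st);
    if (set_param_hardened(&st, value) != 0)
        return 0;
    return strcmp(st.param, value) == 0;
}

int main(void)
{
    printf("vulnerable setter: connected = 0x%08x\n",
           (unsigned)connected_after_vulnerable());
    printf("hardened setter:   %s\n",
           hardened_rejects_overlong() ? "overlong value rejected, state intact"
                                       : "FAILED");
    printf("hardened setter:   short value %s\n",
           hardened_accepts("ts.example.internal") ? "accepted" : "rejected");
    return 0;
}
```

Compile and run with `cc -o tsac_demo tsac_demo.c && ./tsac_demo`. In the demo the overflow only reaches a neighbouring field; in a real control the bytes past the buffer land on whatever follows it in memory, and when that is control data such as a saved return address the overflow becomes the arbitrary code execution the advisory describes. The fix that matters is the one in `set_param_hardened`: check the attacker-controlled length against the destination size before copying.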
Platforms Affected
Windows
Components Affected
Microsoft Terminal Services Advanced Client ActiveX Control
Recommendations
Microsoft Internet Explorer 5.01 SP2 and SP3 for Windows 2000, 5.5 SP1 and SP2, 6.0
Patch: Microsoft Patch Q323759
Ensure you download and install the correct patch for your specific operating system or application.
Microsoft Remote Desktop Connection ActiveX Control
Patch: Remote Desktop Connection Web Connection Software Download
Web masters whose sites offer Terminal Services over the Web should install this update so that the control their site serves to clients is the fixed version.
The downloadable Remote Desktop Web Connection ActiveX control provides most of the functionality of the full Remote Desktop Connection software, delivered over the Web. The Web package Setup program installs the downloadable ActiveX control and a sample Web page on a server running IIS 4.0 or later.
References
Source: CVE CVE-2002-0726 (originally published as CAN-2002-0726)
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0726
Source: Microsoft MS02-046
URL: http://microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-046.asp
Source: @stake 082802-1
URL: http://www.atstake.com/research/advisories/2002/index.html#082802-1
Source: SecurityFocus BID 5554
URL: http://www.securityfocus.com/bid/5554
Copyright (c) 2009 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.