A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user’s system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.

Affected software:
Windows 2000

:arrow: View: Microsoft Security Bulletin MS03-042 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-042.asp)