A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a userís system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.

Affected software:
Windows 2000

View: Microsoft Security Bulletin MS03-042