OSVDB ID: 5124

Title: Microsoft TSAC ActiveX Long Server Name Overflow

Dates

Disclosure: Aug 28, 2002
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A local overflow exists in Microsoft Terminal Services Advanced Client. The ActiveX control fails to check for long server names, resulting in a buffer overflow. With a specially crafted request, an attacker can cause code execution in the context of the user who has the Advanced Client on their system, resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to Windows XP Service Pack 1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: download the updated Terminal Services Advanced Client from Microsoft and install it on the web server hosting the terminal services session.

Products

Microsoft Corporation

Terminal Services Advanced Client

All Versions

References

Credit

  • Ollie Whitehouse - ollie_whitehousesymantec.com - Symantec Corp.


Direct URL: http://osvdb.org/5124