Reported August 22, 2002, by Microsoft.
· Any system using Microsoft's Terminal Services Advanced Client (TSAC) ActiveX control
A buffer overrun condition exists in Microsoft's TSAC ActiveX control that can let an attacker execute arbitrary code remotely on the vulnerable system. This vulnerability results from an unchecked buffer in the control’s code that processes one of the input parameters. By calling the control on a client system and overrunning the buffer, an attacker can run code under the currently logged-on user's security context. The attacker can mount an attack by either hosting a Web page that exploits the vulnerability against any user who visits the Web page or by sending HTML mail to another user.
The vendor, Microsoft, has released Security Bulletin MS02-046 (Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin.
Discovered by Ollie Whitehouse of @Stake.