CVE-2003-0662 : Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Wind

Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.

Published 2003-11-17 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2003-0662

Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-0662

EPSS FAQ

61.80%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-0662

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2003-0662

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2003-0662

http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html

Exploit;Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/989932

VU#989932 - Microsoft contains a buffer overflow in the Local Troubleshooter ActiveX control (Tshoot.ocx)
Patch;Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.securityfocus.com/bid/8833

Exploit;Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13423
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042

Microsoft Security Bulletin MS03-042 - Critical | Microsoft Learn
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237
http://www.cert.org/advisories/CA-2003-27.html

2003 CERT Advisories
US Government Resource

CVEs referencing this url
http://marc.info/?l=ntbugtraq&m=106632192709608&w=2

'Microsoft Local Troubleshooter ActiveX control buffer overflow' - MARC
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html

Jump to

Vulnerability Details : CVE-2003-0662

Products affected by CVE-2003-0662

Exploit prediction scoring system (EPSS) score for CVE-2003-0662

CVSS scores for CVE-2003-0662

CWE ids for CVE-2003-0662

References for CVE-2003-0662