Buffer Overrun in Terminal Services Web Control
A buffer overrun vulnerability exists in the Terminal Services Advanced Client (TSAC) web control, which could allow an attacker to run code in the security context of the currently logged-on user.
Issue
The Terminal Services Advanced Client (TSAC) web control is an ActiveX control that can be used to run Terminal Services sessions within Internet Explorer. The downloadable ActiveX control provides nearly the same functionality as the full Terminal Services Client, but is designed to deliver this functionality over the Web.
The TSAC control does not come installed as part of any Windows client system. Instead, clients obtain the control from web servers that offer terminal services. The configuration process that enables an IIS server to provide terminal services involves installing on the server a cabinet file containing the control. The server then delivers the cabinet file to any client system that needs it, and the client installs the control via the cabinet file.
A security vulnerability results because the control contains an unchecked buffer in the code that processes one of the input parameters. By calling the control on a client system and overrunning the buffer, an attacker could gain the ability to run code in the security context of the currently logged-on user. This would enable the attacker to take any desired action on the user’s system. The attacker could mount an attack either by hosting a web page that exploits the vulnerability against any user who visits it, or by sending an HTML mail to another user.
Affected Products
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control
Download
Patch: http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: August 22, 2002