J-Security Center

Title: Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability

Severity: HIGH

Description:

An unchecked buffer exists in the System Monitor ActiveX Control included with Microsoft Windows 2000 (sysmon.ocx, classid:C4D2D8E0-D1DD-11CE-940F-008029004347). Depending on the data entered when invoking the ActiveX control, a malicious user could either launch a denial of service attack or execute arbitrary code on a remote system. This can be exploited remotely via either a web browser or HTML-compliant email, provided that ActiveX is enabled in the browser or mail client.

The problem is in the LogFileName parameter supplied to the control. If the data entered as this value is longer than 2000 characters, memory containing executable code will be overwritten with the remotely-supplied data. This data will then be executed on the target system at the current user's privilege level.
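
A defensive check based on the description above, added here as an example and not part of the original advisory: it scans an HTML page or HTML mail body for the System Monitor control's class ID and flags any LogFileName parameter longer than 2000 characters. The `<object>`/`<param>` embedding form, the function names and the sample inputs are assumptions; the advisory itself names only the class ID, the parameter and the length.

```python
from html.parser import HTMLParser

SYSMON_CLSID = "c4d2d8e0-d1dd-11ce-940f-008029004347"  # class ID from the advisory
MAX_LOGFILENAME = 2000  # advisory: values longer than this overflow the buffer


class SysmonObjectScanner(HTMLParser):
    """Records every LogFileName <param> found inside a System Monitor <object>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._depth = 0      # > 0 while inside a matching <object> (nested ones included)
        self.findings = []   # (value_length, exceeds_limit) per LogFileName param

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "object":
            classid = attr.get("classid", "").strip().lower()
            if classid.startswith("clsid:"):
                classid = classid[len("clsid:"):]
            if self._depth or classid.strip("{} ") == SYSMON_CLSID:
                self._depth += 1
        elif tag == "param" and self._depth:
            if attr.get("name", "").strip().lower() == "logfilename":
                length = len(attr.get("value", ""))
                self.findings.append((length, length > MAX_LOGFILENAME))

    def handle_endtag(self, tag):
        if tag == "object" and self._depth:
            self._depth -= 1


def scan_html(document):
    """Return the findings list for one HTML page or HTML mail body."""
    scanner = SysmonObjectScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings


def is_suspicious(document):
    return any(exceeds for _, exceeds in scan_html(document))


# Constructed sample inputs (not taken from the advisory or any real page).
PAGE_TEMPLATE = '<object classid="clsid:%s"><param name="LogFileName" value="%s"></object>'
BENIGN = PAGE_TEMPLATE % (SYSMON_CLSID.upper(), "C:\\PerfLogs\\cpu.blg")
OVERSIZED = PAGE_TEMPLATE % (SYSMON_CLSID, "x" * (MAX_LOGFILENAME + 1))
UNRELATED = PAGE_TEMPLATE % ("00000000-0000-0000-0000-000000000000", "x" * 5000)
```

`scan_html` only sees parameters set in markup; a value assigned to the control from script would need a separate check.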

Affected Products:

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Datacenter Server SP1
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server SP1
