Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
MS02-046: Buffer overrun in TSAC ActiveX control might allow code execution
Article ID: 327521 - View products that this article applies to.
This article was previously published under Q327521
The Terminal Services Advanced Client (TSAC) Web control is an ActiveX control you can use to run Terminal Services sessions in Internet Explorer. The downloadable ActiveX control provides almost the same functionality as the full Terminal Services Client, but is designed to deliver this functionality over the Web.
The TSAC control does not come installed as part of any Windows client. Instead, clients obtain the control from Web servers that offer terminal services. The configuration process that makes it possible for an Internet Information Services (IIS) server to provide terminal services involves installing a .cab file that contains the control on the server. The server then delivers the .cab file to any client computer that needs it, and the client installs the control from the .cab file.
A security vulnerability results because the control contains an unchecked buffer in the code that processes one of the input parameters. By calling the control on a client and overrunning the buffer, an attacker can gain the ability to run code in the security context of the currently-logged-on user. This makes it possible for the attacker to control the user's computer. The attacker can mount an attack by either hosting a Web page that exploits the vulnerability against any user who visits it, or by sending an HTML e-mail message to another user.
To resolve this problem, obtain the latest service pack for Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322389/EN-US/ )How to Obtain the Latest Windows XP Service Pack
Download InformationFor administrators of Web sites that provide terminal services to obtain the updated TSAC ActiveX control, visit the following Microsoft Web site:
Users must install the August 22, 2002 cumulative patch for Internet Explorer. For additional information about how to do so, click the article number below to view the article in the Microsoft Knowledge Base:
Collapse this imageExpand this image
323759Release Date: August 22, 2002
(http://support.microsoft.com/kb/323759/EN-US/ )MS02-047: August 22, 2002, Cumulative Patch for Internet Explorer
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/EN-US/ )How to Obtain Microsoft Support Files from Online Services
Installation InformationThis patch replaces the functionality of the previous Connect.asp file with a new Microsoft Dynamic HTML-based (DHTML-based) Default.htm file, but the patch does not remove the previous Connect.asp file. Administrators who have modified this page can port the modifications to the new Default.htm page and then delete the Connect.asp and Mstsax.cab files.
You do not have to restart your server after you apply the updated TSAC ActiveX control.
Users who are members of the "Regular Users" group cannot install ActiveX controls. The administrator must repeat the method that was used previously to install the ActiveX control on the user's computer. For additional information about how to do so, click the article numbers below to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/241163/EN-US/ )How to Publish ActiveX Controls in Windows 2000 Using IntelliMirror
(http://support.microsoft.com/kb/280579/EN-US/ )HOWTO: Install ActiveX Controls in Internet Explorer Using the Active Directory
File InformationThe English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
The English version of the Msrcp.cab file has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ----------------------------------------------------- 16-Apr-2002 18:32 2,022 Bluebarh.gif 16-Apr-2002 18:32 2,085 Bluebarv.gif 10-Aug-2002 07:23 21,723 Default.htm 10-Aug-2002 13:31 310,400 Msrdp.cab 01-Jul-2002 21:38 11,595 Readme.htm 16-Apr-2002 18:32 9,644 Win2000l.gif 16-Apr-2002 18:32 1,958 Win2000r.gif
Date Time Version Size File name ----------------------------------------------------- 10-Aug-2002 07:23 1,561 Msrdp.inf 10-Aug-2002 04:16 5.1.2600.1095 600,064 Msrdp.ocx
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Terminal Services Advanced Client (TSAC) web control. This problem was first corrected in Windows XP Service Pack 1.
After you install this update, permissions for the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing and HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing\HardwareID keys are modified so that the Users group has read-only access. This change may cause connection problems with older RDP or Citrix clients. To resolve this problem, install an updated client or give the Users group Set Value and Create Subkey permissions on the HardwareID key by using Registry Editor (Regedt32.exe).
For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS02-046.mspxTo prevent potential exploits in older versions of the Terminal Services Web client, Internet Explorer now blocks these OCX controls:
Article ID: 327521 - Last Review: December 1, 2007 - Revision: 5.3