Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft TSAC ActiveX Control Cross Site Scripting Vulnerability

Microsoft TSAC ActiveX Control Cross Site Scripting Vulnerability

by Nikola Strahija on October 15th, 2002 Microsoft offers Terminal Services client functionality over the web through the Terminal Services Advanced Client ActiveX control. It is an optional component that is installed by end-users.


An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site.

Remote: Yes
Exploit: No

Solution: Reportedly, this issue can be fixed by applying the Microsoft patch from security bulletin MS02-046. SecurityFocus has not verified that this is the case.

Microsoft TSAC ActiveX Control :

Microsoft Upgrade tswebsetup.exe
http://www.microsoft.com/windowsxp/pro/downloads/rdwebconn.asp


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »