CVE-2002-1795 in TSAC Activex Control
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 09/01/2025
The CVE-2002-1795 vulnerability represents a critical cross-site scripting flaw discovered in Microsoft Terminal Services Advanced Client ActiveX control, specifically within the connect.asp component. This vulnerability resides in the TSAC ActiveX control which was designed to facilitate remote desktop connections through web-based interfaces, making it a prime target for attackers seeking to exploit web application security weaknesses. The vulnerability's classification as a client-side XSS flaw means that malicious actors could potentially compromise user sessions by injecting malicious scripts into web pages that would execute in the context of other users' browsers. This particular vulnerability affects versions of Microsoft Terminal Services that utilize the ActiveX control for web-based terminal access, creating a significant risk for organizations relying on remote desktop solutions that incorporate this technology.
The technical nature of this vulnerability stems from inadequate input validation and output encoding within the connect.asp script that processes user-supplied data. When users interact with the TSAC ActiveX control through web interfaces, the application fails to properly sanitize or escape user-provided parameters before incorporating them into dynamic web content. This allows attackers to inject malicious JavaScript code or HTML elements that persist in the application's response and execute in the browser context of other users. The attack vector is particularly concerning because it operates through the ActiveX control mechanism which is inherently trusted by web browsers, enabling attackers to execute code with the privileges of the victim's browser session. The vulnerability's impact is amplified by the fact that ActiveX controls were widely deployed in corporate environments and often configured with elevated privileges, providing attackers with potential access to sensitive network resources.
From an operational perspective, this vulnerability poses severe risks to enterprise security infrastructure as it enables attackers to perform session hijacking, steal authentication credentials, and potentially gain unauthorized access to internal network resources. The attack scenario typically involves an attacker crafting malicious input that gets processed by the vulnerable connect.asp script and subsequently rendered in a victim's browser session. This could lead to unauthorized access to terminal services, data exfiltration, or the execution of arbitrary commands on behalf of authenticated users. The vulnerability's impact extends beyond simple script injection as it represents a fundamental breakdown in web application security principles, particularly concerning the proper handling of user input and the implementation of secure coding practices. Organizations with remote access solutions utilizing this ActiveX control were particularly vulnerable, as the attack could be executed without requiring authentication to the target system itself, making it an attractive vector for reconnaissance and initial access.
Mitigation strategies for CVE-2002-1795 should focus on immediate patching of affected systems, disabling the vulnerable ActiveX control where possible, and implementing proper input validation mechanisms. Microsoft released security updates to address this vulnerability, and organizations should prioritize applying these patches to prevent exploitation. Network segmentation and browser security configurations can provide additional layers of protection, including disabling ActiveX controls in web browsers or implementing strict content security policies that prevent script execution from untrusted sources. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in web applications, and its exploitation patterns correspond to ATT&CK techniques related to client-side attacks and credential access. Organizations should also consider implementing web application firewalls and monitoring for suspicious script injection patterns in their network traffic. The incident underscores the importance of secure coding practices and proper input validation in web applications, particularly those that process user-supplied data for dynamic content generation, as it demonstrates how seemingly benign components can become attack vectors when proper security controls are not implemented.