Microsoft Agent URL Parsing Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	04/10/2007
Severity:	High
Operating Systems Affected:	Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 SP2

Synopsis

A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/Bulletin/MS07-020.mspx

Threat Analysis

Microsoft Agent is a component that uses interactive animated characters to guide users and can make using and learning to use a computer easier.

A specially crafted URL could corrupt system memory in such a way that an attacker could execute arbitrary code when supplied to Microsoft Agent control.This vulnerability requires that a user is logged on and visits a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1205

Write-up by: Nataraj Vasam