CVE-2007-3040

Name of the Vulnerable Software and Affected Versions: Microsoft Agent version 2.0.0.3425

Description: A stack-based buffer overflow issue exists in the way Microsoft Agent handles certain specially crafted URLs, allowing remote attackers to execute arbitrary code. This issue is triggered via a crafted URL to the Agent (Agent.Control) ActiveX control, leading to an overflow within the Agent Service (agentsrv.exe) process. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations: For Microsoft Agent version 2.0.0.3425, consider restricting access to the Agent Service (agentsrv.exe) process until a patch is available. As a temporary workaround, avoid using the Agent (Agent.Control) ActiveX control with crafted URLs.