CVE-2006-3445

Name of the Vulnerable Software and Affected Versions Microsoft Agent versions on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1

Description The issue arises from an integer overflow in the ReadWideString function within agentdpv.dll, allowing remote attackers to execute arbitrary code via a large length value in an .ACF file. This results in a heap-based buffer overflow. An attacker could exploit this by constructing a specially crafted Web page, potentially allowing remote code execution if a user views the page, and could take complete control of the affected system.

Recommendations For Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.