PT-2007-4332 · Microsoft · Agent+1
Yamata Li
·
Published
2007-09-11
·
Updated
2018-10-16
·
CVE-2007-3040
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Microsoft Agent version 2.0.0.3425
Description:
A stack-based buffer overflow issue exists in the way Microsoft Agent handles certain specially crafted URLs, allowing remote attackers to execute arbitrary code. This issue is triggered via a crafted URL to the Agent (Agent.Control) ActiveX control, leading to an overflow within the Agent Service (agentsrv.exe) process. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.
Recommendations:
For Microsoft Agent version 2.0.0.3425, consider restricting access to the Agent Service (agentsrv.exe) process until a patch is available. As a temporary workaround, avoid using the Agent (Agent.Control) ActiveX control with crafted URLs.
Exploit
Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Agent
Windows