
Expl:Win/Agent.AgentCharactersLoad.RCE!2007-1205

Severity rating
Critical

Class/Type
Exploit

Discovered date
2007-04-10T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Medium







Description

A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



Technical details (analysis)

Microsoft Agent is a component that uses interactive animated characters to guide users and can make using and learning to use a computer easier. A specially crafted URL, when supplied to the Microsoft Agent control, could corrupt system memory in such a way that an attacker could execute arbitrary code. In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.



Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems



Non-affected software

Windows Vista
Windows Vista x64 Edition



References




Solutions




NIS signature

Name: Expl:Win/Agent.AgentCharactersLoad.RCE!2007-1205
Release Date: 2007-04-10T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Temporarily prevent the Agent ActiveX control from running in Internet Explorer.
Unregister AgentSvr.exe.
Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
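
An audit of the Internet Explorer work-arounds above, as an added PowerShell example that is not part of the original page or Microsoft's own tooling. The CLSID is a placeholder (this page does not list the Agent control's class IDs), and the script assumes zone settings are stored per user under HKCU rather than enforced by machine policy.

```powershell
# Added example: report whether the IE work-arounds are in effect on this machine.
# PLACEHOLDER CLSID: replace with the Agent control class ID(s) from the vendor bulletin.
$AgentClsids = @('{00000000-0000-0000-0000-000000000000}')

$KillBit   = 0x400   # "Compatibility Flags" bit that stops IE from instantiating a control
$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Setting   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$results = @()

# Work-around 1: kill bit set for each Agent control CLSID.
foreach ($clsid in $AgentClsids) {
    $flags = Get-RegValue "$CompatKey\$clsid" 'Compatibility Flags'
    $shown = 'not set'
    if ($null -ne $flags) { $shown = '0x{0:X}' -f $flags }
    $results += [pscustomobject]@{
        Check     = "Kill bit $clsid"
        Value     = $shown
        Mitigated = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
    }
}

# Work-arounds 3 and 4: ActiveX and Active Scripting set to Prompt or Disable
# in the Internet and Local intranet zones.
foreach ($zone in $Zones.Keys) {
    foreach ($action in $Actions.Keys) {
        $v = Get-RegValue "$ZonesKey\$zone" $action
        $shown = 'not set'
        if ($null -ne $v) { $shown = "$v" }
        if (($null -ne $v) -and $Setting.ContainsKey([int]$v)) { $shown = $Setting[[int]$v] }
        $results += [pscustomobject]@{
            Check     = "$($Zones[$zone]) zone: $($Actions[$action])"
            Value     = $shown
            Mitigated = ($v -eq 1) -or ($v -eq 3)
        }
    }
}

$results | Format-Table -AutoSize
```

On 64-bit Windows, 32-bit Internet Explorer reads the kill bit from the Wow6432Node view of the same key, so check both views there.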