Public exploits available
On this page
remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs.
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Technical details (analysis)
Microsoft Agent is a component that uses interactive animated characters to guide users and can make using and learning to use a computer easier. A specially crafted URL could corrupt system memory in such a way that an attacker could execute arbitrary code when supplied to Microsoft Agent control. In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 and Microsoft Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition
Release Date: 2007-04-10T00:00:00
Known false positives
No known false positives at this time.
Temporarily prevent the Agent ActiveX control from running in Internet Explorer.
Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
Set Internet and Local intranet security zone settings to â€œHighâ€ to prompt before running ActiveX Controls and Active Scripting in these zones