Follow:

Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040

Severity rating
Critical

Class/Type
Exploit

Discovered date
2007-09-11T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Low



On this page




Description

A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



Technical details (analysis)

Microsoft Agent is a component of the Microsoft Windows operating system that uses interactive animated characters to guide users and can make using and learning to use a computer easier. Supplying a specially crafted URL to the Microsoft Agent ActiveX control could corrupt system memory so that an attacker could execute arbitrary code.



Affected software

Microsoft Windows 2000 Service Pack 4



Non-affected software

Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista x64 Edition



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.Agent.RCE!CVE-2007-3040
Release Date: 2007-09-11T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Temporarily prevent the Agent ActiveX control from running in Internet Explorer
Unregister AgentSvr.exe
Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones