Check Point Advisories

Preemptive Protection against Microsoft Agent Remote Code Execution Vulnerability (MS07-051)

Check Point Reference: CPAI-2007-110
Date Published: 12 Sep 2007
Severity: Critical
Last Updated: Monday 01 January, 2007
Source: Microsoft Security Bulletin MS07-051
Industry Reference:CVE-2007-3040
Protection Provided by:
Who is Vulnerable? Microsoft Agent 2.0.0.3425 and prior on Microsoft Windows 2000 SP4
Vulnerability Description A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier. A remote attacker can exploit this issue to execute arbitrary code on the affected system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS07-051
Vulnerability DetailsThe vulnerability is due to a memory corruption error in the Microsoft Agent that fails to properly handle specially crafted URLs. This flaw can be exploited by a remote attacker to execute arbitrary commands on a vulnerable system. By convincing a user to view a malicious web site, an attacker can trigger the memory corruption flaw and take complete control of an affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK