| Check Point Reference: |
CPAI-2007-043 |
| Date Published: |
12 Apr 2007 |
| Severity: |
Critical
|
| Last Updated: |
Monday 30 April, 2007 |
| Source: |
Microsoft Security Bulletin MS07-020 |
| Industry Reference: | CVE-2007-1205 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows 2000 SP4
Microsoft Windows XP SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Server 2003 SP2
Microsoft Windows Server 2003 x64 Edition SP1
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium) |
| Vulnerability Description |
A remote code execution vulnerability exists in Microsoft Agent. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. A remote attacker can exploit this issue to execute arbitrary code on the affected system. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS07-020 |
| Vulnerability Details | The vulnerability is due to a memory corruption error in Microsoft Agent ActiveX Control that fails to properly handle specially crafted URLs. This flaw can be exploited by a remote attacker to execute arbitrary commands on a vulnerable system. By convincing a user to view a malicious web site, an attacker can trigger the memory corruption flaw and take complete control of an affected system. |
Feedback