Microsoft Agent URL Handling Memory Corruption Vulnerability

Posted on Tuesday, September 11, 2007 @ 18:09:23 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA26753

VERIFY ADVISORY: http://secunia.com/advisories/26753/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the Microsoft Agent component when handling URLs and can be exploited to cause memory corruption via a specially crafted URL. Successful exploitation may allow execution of arbitrary code on a user's system when e.g. visiting a malicious website.

SOLUTION: Apply patches - Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=7cd248ed-d154-4dce-89ef-ceefd2700965

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the following:
* Assurent Secure Technologies
* Yamata Li, Palo Alto Networks.
* An anonymous researcher via iDefense.

ORIGINAL ADVISORY: MS07-051 (KB938827): http://www.microsoft.com/technet/security/Bulletin/MS07-051.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 352,534,218
  • Today: 17,169
Server InfoServer Info
  • Apr 19, 2018
  • 04:38 am PDT
 
 

Daily Inspiration