Microsoft Agent URI Processing Remote Code Execution Vulnerability
BID:23337
Info
| Bugtraq ID: | 23337 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1205 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2007 12:00AM |
| Updated: | Nov 15 2007 12:37AM |
| Credit: | This issue was discovered by JJ Reyes and Carsten Eiram of Secunia. |
| Vulnerable: |
Nortel Networks Centrex IP Client Manager 8.0
Nortel Networks Centrex IP Client Manager 7.0
Nortel Networks Centrex IP Client Manager 9.0
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium 0
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Terminal Services SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
HP Storage Management Appliance 2.1
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server 0
Avaya Customer Interaction Express (CIE) User Interface 1.0
Avaya Customer Interaction Express (CIE) Server 1.0 |
| Not Vulnerable: | Microsoft Internet Explorer 7.0 |
Discussion
The Microsoft Agent ActiveX control is prone to remote code execution.
An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
Note that users who are running Windows Internet Explorer 7 are not affected by this vulnerability.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Microsoft has released security advisory MS07-020 to address this issue in supported versions of affected applications. Please see the referenced advisory for more information.
HP Storage Management Appliance is affected by the issue. Please see the referenced HP advisory for more information.
Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Security Update for Windows Server 2003 x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=50469b54-b6ff-46ed-b2bc-3b00b0984e1e&displaylang=en

Microsoft Windows XP Media Center Edition SP2
- Microsoft Update for Windows XP (KB932168)
  WindowsXP-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=e16ededa-6e8c-40d6-a3c0-d61362411acc&displaylang=en

Microsoft Windows Server 2003 Itanium SP1
- Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB932168)
  WindowsServer2003-KB932168-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=883660ca-e976-460f-8e50-c19d1b02b42f&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows Server 2003 Itanium 0
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en
- Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB932168)
  WindowsServer2003-KB932168-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=883660ca-e976-460f-8e50-c19d1b02b42f&displaylang=en

Microsoft Windows 2000 Advanced Server SP4
- Microsoft Security Update for Windows 2000 (KB932168)
  Windows2000-KB932168-x86-ENU.EXE
  http://www.microsoft.com/downloads/details.aspx?familyid=49dc470b-64e2-47ec-be90-622b407c7751&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition SP2
- Microsoft Security Update for Windows Server 2003 x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=50469b54-b6ff-46ed-b2bc-3b00b0984e1e&displaylang=en

Microsoft Windows 2000 Terminal Services SP4
- Microsoft Security Update for Windows 2000 (KB932168)
  Windows2000-KB932168-x86-ENU.EXE
  http://www.microsoft.com/downloads/details.aspx?familyid=49dc470b-64e2-47ec-be90-622b407c7751&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP2
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows XP Home SP2
- Microsoft Update for Windows XP (KB932168)
  WindowsXP-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=e16ededa-6e8c-40d6-a3c0-d61362411acc&displaylang=en

Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Security Update for Windows 2000 (KB932168)
  Windows2000-KB932168-x86-ENU.EXE
  http://www.microsoft.com/downloads/details.aspx?familyid=49dc470b-64e2-47ec-be90-622b407c7751&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Update for Windows XP (KB932168)
  WindowsXP-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=e16ededa-6e8c-40d6-a3c0-d61362411acc&displaylang=en

Microsoft Windows Server 2003 Itanium SP2
- Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB932168)
  WindowsServer2003-KB932168-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=883660ca-e976-460f-8e50-c19d1b02b42f&displaylang=en

Microsoft Windows Server 2003 Web Edition
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows XP Professional x64 Edition
- Microsoft Security Update for Windows XP x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=23909036-898f-41af-a3de-4a899a15d25d&displaylang=en

Microsoft Windows Server 2003 Web Edition SP1
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows Server 2003 Web Edition SP2
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows XP Professional x64 Edition SP2
- Microsoft Security Update for Windows XP x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=23909036-898f-41af-a3de-4a899a15d25d&displaylang=en
- Microsoft Update for Windows XP (KB932168)
  WindowsXP-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=e16ededa-6e8c-40d6-a3c0-d61362411acc&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows Server 2003 Standard Edition
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en

Microsoft Windows XP Professional SP2
- Microsoft Update for Windows XP (KB932168)
  WindowsXP-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=e16ededa-6e8c-40d6-a3c0-d61362411acc&displaylang=en

Microsoft Windows 2000 Server SP4
- Microsoft Security Update for Windows 2000 (KB932168)
  Windows2000-KB932168-x86-ENU.EXE
  http://www.microsoft.com/downloads/details.aspx?familyid=49dc470b-64e2-47ec-be90-622b407c7751&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition SP2
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en
- Microsoft Security Update for Windows Server 2003 x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=50469b54-b6ff-46ed-b2bc-3b00b0984e1e&displaylang=en

Microsoft Windows 2000 Professional SP4
- Microsoft Security Update for Windows 2000 (KB932168)
  Windows2000-KB932168-x86-ENU.EXE
  http://www.microsoft.com/downloads/details.aspx?familyid=49dc470b-64e2-47ec-be90-622b407c7751&displaylang=en

Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en
- Microsoft Security Update for Windows Server 2003 x64 Edition (KB932168)
  WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=50469b54-b6ff-46ed-b2bc-3b00b0984e1e&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition Itanium 0
- Microsoft Security Update for Windows Server 2003 (KB932168)
  WindowsServer2003-KB932168-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=281f10d2-d754-44cd-8318-9ce94b8d01b4&displaylang=en
References
References:
- Microsoft Agent Homepage (Microsoft)
- Microsoft Knowledge Base Article 240797 (Microsoft)
- [security bulletin] HPSBST02208 SSRT071365 rev.1 - Storage Management Appliance ([email protected])
- Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability (Secunia Research)
- [ SECURITY ADVISORY ] Centrex IP Client Manager (CICM) response to Microsoft Apr (Nortel)
- ASA-2007-157 MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code E (Avaya)
- Microsoft Security Bulletin MS07-020 (Microsoft)
- Nortel Response to Microsoft Security Bulletin MS07-020 (Nortel Networks)
- Vulnerability Note VU#728057 Microsoft Windows Agent fails to properly process c (US-CERT)