|
|
|
Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=592
|
|
Vulnerable Systems:
* iDefense has confirmed the existence of this vulnerability in the Agent service included in Windows 2000.
Immune Systems:
* Microsoft reports that newer versions of the Agent service are not vulnerable.
The vulnerability exists within the Agent Service (agentsvr.exe). Due to improper handling of specially crafted URLs, an attack can cause stack based buffer overflow.
Exploitation of this vulnerability results in arbitrary code execution with the privileges of the logged in user. To exploit this vulnerability, an attacker would have to use social engineering techniques to convince a user to visit a malicious website. No further interaction is needed.
With default settings, Microsoft Outlook and Outlook Express can not be used to directly exploit this vulnerability. By default, Outlook and Outlook Express both run in Restricted mode which prevents Active Content from being loaded. However, an attacker could send an e-mail with a link to a malicious website. By following this link a user is susceptible to exploitation through the browser.
Workaround:
Setting the kill bit for the following CLSID will prevent the control from loading in the browser:
{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}
This will not fix the vulnerability, but it will prevent it from being exploited through the web browser.
Vendor Status:
Microsoft has addressed this vulnerability within MS07-051. For more information, consult their bulletin at the following URL.
http://www.microsoft.com/technet/security/Bulletin/MS07-051.mspx
CVE Information:
CVE-2007-3040
Disclosure Timeline:
* 07/09/2007 Initial vendor notification
* 07/09/2007 Initial vendor response
* 09/11/2007 Coordinated public disclosure
|
|
|
|