   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-116
Microsoft Agent Memory Corruption Vulnerability

Original Issue Date: November 15, 2006

Severity Rating: High

Systems Affected

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  • Microsoft Windows Server 2003 x64 Edition

Overview

A vulnerability has been reported in Microsoft Windows caused by a memory corruption error in Microsoft Agent when it handles specially crafted ".ACF" (Agent character) files. Successful exploitation allows remote code execution.

Description

A vulnerability has been reported in Microsoft Windows that could allow remote attackers to take complete control of an affected system. The flaw is a memory corruption error in Microsoft Agent's handling of specially crafted ".ACF" (Agent character) files.
In the web-based attack scenario, an attacker hosts a specially crafted Web page that causes the Microsoft Agent ActiveX control to load a malicious .ACF file. If a user views that page in Internet Explorer, the memory corruption can lead to remote code execution in the context of the logged-on user, and an attacker who successfully exploited the vulnerability could take complete control of the affected system. Note that the user has to be persuaded to visit the attacker's page (for example via a link in an e-mail); the page cannot be forced on the user.

Workarounds

  • Temporarily prevent the Microsoft Agent ActiveX control from running in Internet Explorer by setting the kill bit for the control's CLSID, as described in Microsoft Security Bulletin MS06-068. This blocks instantiation of the control in Internet Explorer but does not remove the underlying flaw.
  • Configure Internet Explorer to prompt before running ActiveX controls, or disable ActiveX controls, in the Internet and Local intranet security zones.
  • Set the Internet and Local intranet security zone settings to "High" so that Internet Explorer prompts before running ActiveX controls and Active Scripting in these zones. Sites that must keep working can be added to the Trusted sites zone.
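The following script, added here as an illustration and not part of the CERT-In note or of Microsoft's bulletin, applies the first two workarounds to a single host and reports the resulting registry state. It assumes an elevated PowerShell session, that the kill-bit and zone registry locations are the standard ones (HKLM ActiveX Compatibility key; HKCU Internet Settings Zones with 1200 = "Run ActiveX controls and plug-ins" and 1400 = "Active scripting"), and that the default CLSID is the Microsoft Agent Control 2.0 CLSID; that CLSID is an assumption and must be checked against the CLSID list in MS06-068 before deployment.

```powershell
# Added example (not from CERT-In or Microsoft): apply the MS06-068 interim
# workarounds on one host and show the result.
# Assumptions: elevated session; $AgentClsid defaults to the Microsoft Agent
# Control 2.0 CLSID as commonly documented -- verify it against MS06-068.
param(
    [string]$AgentClsid = '{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}',
    [switch]$Disable   # zone action 3 = disable; default 1 = prompt
)

# 1. Kill bit: Compatibility Flags 0x400 stops Internet Explorer from
#    instantiating the control (the flaw itself is untouched; patch anyway).
$killBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$killBitKey  = Join-Path $killBitRoot $AgentClsid
if (-not (Test-Path -LiteralPath $killBitKey)) {
    New-Item -Path $killBitRoot -Name $AgentClsid -Force | Out-Null
}
Set-ItemProperty -LiteralPath $killBitKey -Name 'Compatibility Flags' -Value 0x400 -Type DWord

# 2. Zone hardening for the current user.
#    Zone 1 = Local intranet, Zone 3 = Internet.
#    1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting.
#    Action values: 0 = enable, 1 = prompt, 3 = disable.
$action    = if ($Disable) { 3 } else { 1 }
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
foreach ($zone in 1, 3) {
    $zoneKey = Join-Path $zonesRoot $zone
    foreach ($setting in '1200', '1400') {
        Set-ItemProperty -LiteralPath $zoneKey -Name $setting -Value $action -Type DWord
    }
}

# 3. Verify: read the values back so an operator can confirm the change
#    (and so a later audit can spot a host where it was reverted).
$flags = (Get-ItemProperty -LiteralPath $killBitKey).'Compatibility Flags'
$killBitSet = (($flags -band 0x400) -eq 0x400)
"Kill bit for $AgentClsid set: $killBitSet (Compatibility Flags = 0x{0:X})" -f $flags
foreach ($zone in 1, 3) {
    $props = Get-ItemProperty -LiteralPath (Join-Path $zonesRoot $zone)
    "Zone $zone : ActiveX(1200)=$($props.'1200')  ActiveScripting(1400)=$($props.'1400')"
}
```

Two caveats a practitioner would want. On the x64 editions listed above, the 32-bit Internet Explorer reads the kill bit from the Wow6432Node view of the ActiveX Compatibility key, so set it there as well. Zone values written under HKCU affect only the current user; for a fleet, push the same settings through Group Policy, and expect a "disable" setting for 1200 in the Local intranet zone to break intranet applications that rely on ActiveX.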

Solution

Apply the appropriate patches as described in Microsoft Security Bulletin MS06-068. The workarounds above only reduce exposure through Internet Explorer; the patch corrects the flaw in Microsoft Agent itself.

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/4506

Secunia
http://secunia.com/advisories/22878

SecurityFocus
http://www.securityfocus.com/bid/21034

Internet Security Systems
http://xforce.iss.net/xforce/xfdb/29945

CVE Name
CVE-2006-3445

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003