F-Secure
Tools
Microsoft Agent ActiveX Control URL Handling Buffer Overflow Vulnerability
| Report ID: | SA26753 |
| Source: | Secunia |
| Date of Discovery: | 11.09.2007 |
| Criticality: | Moderate |
| Affects: | Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server |
| Compromise From: | From remote |
| Compromise Type: | System access |
Summary
A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.
Detailed Description
A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Microsoft Agent ActiveX control (agentdpv.dll) when handling specially crafted URLs passed as argument to a certain unspecified method. This can be exploited to cause a stack-based buffer overflow when a user e.g. visits a malicious website.
Successful exploitation allows execution of arbitrary code.
The vulnerability is caused due to a boundary error in the Microsoft Agent ActiveX control (agentdpv.dll) when handling specially crafted URLs passed as argument to a certain unspecified method. This can be exploited to cause a stack-based buffer overflow when a user e.g. visits a malicious website.
Successful exploitation allows execution of arbitrary code.
Solution
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7cd248ed-d154-4dce-89ef-ceefd2700965
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7cd248ed-d154-4dce-89ef-ceefd2700965
CVE Reference
CVE-2007-3040