Exploit Out for Critical Microsoft Agent Flaw

An exploit that attacks a critical Microsoft Agent vulnerability was published less than 24 hours after Microsoft released a relevant security advisory in its Sept. 11 Patch Tuesday set of releases. The security advisory for Microsoft Agent, MS07-051, was the only critical release out of four security advisories. It addresses a vulnerability whereby the Microsoft Agent—a set of software services for developers to enhance the user interface of Web-based applications—can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user.

Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data. The issue occurs when the "agentdpv.dll" ActiveX control processes maliciously crafted URLs, resulting in memory corruption. If the exploit succeeds, the attacker gains control of the system. If it fails, a denial of service occurs.

News source: eWeek
