An exploit that attacks a critical Microsoft Agent vulnerability was published less than 24 hours after Microsoft released a relevant security advisory in its Sept. 11 Patch Tuesday set of releases. The security advisory for Microsoft Agent, MS07-051, was the only critical release out of four security advisories. It addresses a vulnerability whereby the Microsoft Agent—a set of software services for developers to enhance the user interface of Web-based applications—can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user.
Microsoft Agent (agentsvr.exe) is prone to the stack-based buffer-overflow vulnerability because it fails to adequately bound check user-supplied data. The issue occurs when the "agentdpv.dll" ActiveX control processes maliciously craft URLs, resulting in memory corruption. If the exploit succeeds, the attacker gains system control. If it fails, a denial-of-service occurs.