|
Exploit Out for Critical Microsoft Agent Flaw
An exploit that attacks a critical Microsoft Agent vulnerability was published less than 24 hours after Microsoft released a relevant security advisory in its Sept. 11 Patch Tuesday set of releases. The security advisory for Microsoft Agent, MS07-051, was the only critical release out of four security advisories. It addresses a vulnerability whereby the Microsoft Agent-a set of software services for developers to enhance the user interface of Web-based applications-can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user.
Microsoft Agent (agentsvr.exe) is prone to the stack-based buffer-overflow vulnerability because it fails to adequately bound check user-supplied data. The issue occurs when the "agentdpv.dll" ActiveX control processes maliciously craft URLs, resulting in memory corruption. If the exploit succeeds, the attacker gains system control. If it fails, a denial-of-service occurs.  View: The full story News source: eWeek Read full story... More... |
| All times are GMT +1. The time now is 07:02 PM. |
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.