ID CVE-2007-1205
Summary Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-09-10T04:00:45.839-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Shane Shaffer
    organization G2, Inc.
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
description Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
family windows
id oval:org.mitre.oval:def:2034
status accepted
submitted 2007-04-10T16:31:02
title Microsoft Agent URL Parsing Vulnerability
version 37
refmap via4
bid 23337
bugtraq 20070410 Secunia Research: Microsoft Agent URL Parsing Memory CorruptionVulnerability
cert TA07-100A
cert-vn VU#728057
hp
  • HPSBST02208
  • SSRT071365
misc http://secunia.com/secunia_research/2006-74/advisory/
ms MS07-020
sectrack 1017896
secunia 22896
vupen ADV-2007-1324
Last major update 16-10-2018 - 16:37
Published 10-04-2007 - 21:19
Back to Top