CVE-2007-1205 - Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and

CVE-2007-1205

Summary

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2012-09-10T04:00:45.839-04:00

class

vulnerability

contributors

name Sudhir Gandhe
organization Secure Elements, Inc.
name Josh Turpin
organization Symantec Corporation
name Shane Shaffer
organization G2, Inc.
name Chandan S
organization SecPod Technologies

definition_extensions

comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows Server 2003 (x86) Gold is installed
oval oval:org.mitre.oval:def:165
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Server 2003 (ia64) Gold is installed
oval oval:org.mitre.oval:def:396
comment Microsoft Windows XP (x86) SP2 is installed
oval oval:org.mitre.oval:def:754
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 (ia64) SP2 is installed
oval oval:org.mitre.oval:def:1442
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Windows XP SP1 (64-bit) is installed
oval oval:org.mitre.oval:def:480
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193

description

family

windows

oval:org.mitre.oval:def:2034

status

accepted

submitted

2007-04-10T16:31:02

title

Microsoft Agent URL Parsing Vulnerability

version

refmap via4

bid	23337
bugtraq	20070410 Secunia Research: Microsoft Agent URL Parsing Memory CorruptionVulnerability
cert	TA07-100A
cert-vn	VU#728057
hp	HPSBST02208 SSRT071365
misc	http://secunia.com/secunia_research/2006-74/advisory/
sectrack	1017896
secunia	22896
vupen	ADV-2007-1324

Last major update

16-10-2018 - 16:37

Published

10-04-2007 - 21:19

Last modified

16-10-2018 - 16:37