Microsoft Agent exploitable

Microsoft has recently released a relevant security advisory. It took only 24hours until an exploit that attacks a critical Microsoft Agent vulnerability was released.

There were four of security advisories released altogether and MS07-051 was the only critical release. According to eweek.com it addresses a vulnerability whereby the Microsoft Agent – a set of software services for developers to enhance the user interface of Web-based applications – can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user. 

Microsoft Agent is prone to the stack-based buffer-overflow; consequently memory corruption is the main problem. That is so because Microsoft Agent can not reasonably bound check user-supplied data and the “agentdpv.dll” ActiveX control starts to process maliciously crafted URLs.

The result of successful exploitation is attackers’ control over your system and private information. Although commonly failure doesn’t result in victims systems, in this case a denial-of-service occurs.

Although Symantec has an exploit code, it is only available for its Immunity Partners Program members.

The only way to keep your computer safe from exploitation is keeping out of sites that have questionable integrity and not opening emails that are received from unknown sources.
 

2-viruses authors Articles