Signature Detail

HTTP: Microsoft Agent Unsafe ActiveX Control

This signature detects attempts to use unsafe ActiveX control in the Microsoft Agent library. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

Affected Products

• Hp storage_management_appliance 2.1
• Hp storage_management_appliance I
• Hp storage_management_appliance II
• Hp storage_management_appliance III
• Microsoft windows_2000_advanced_server SP1
• Microsoft windows_2000_advanced_server SP2
• Microsoft windows_2000_advanced_server SP3
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_advanced_server
• Microsoft windows_2000_datacenter_server SP1
• Microsoft windows_2000_datacenter_server SP2
• Microsoft windows_2000_datacenter_server SP3
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_datacenter_server
• Microsoft windows_2000_professional SP1
• Microsoft windows_2000_professional SP2
• Microsoft windows_2000_professional SP3
• Microsoft windows_2000_professional SP4
• Microsoft windows_2000_professional
• Microsoft windows_2000_server SP1
• Microsoft windows_2000_server SP2
• Microsoft windows_2000_server SP3
• Microsoft windows_2000_server SP4

References

• BugTraq: 25566
• CVE: CVE-2007-3040
• CVE: CVE-2006-3445
• CVE: CVE-2007-1205