Vulnerability Name:

CVE-2005-1214 (CCN-20831)

Assigned:2005-06-14
Published:2005-06-14
Updated:2019-04-30
Summary:Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 30 2007 - 01:56:59 CST
COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)

Source: MITRE
Type: CNA
CVE-2005-1214

Source: CCN
Type: SA15689
Microsoft Agent Trusted Internet Content Spoofing Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
15689

Source: CCN
Type: US-CERT VU#718542
Microsoft Agent vulnerable to trusted site spoofing

Source: CCN
Type: Microsoft Security Bulletin MS05-032
Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

Source: BID
Type: UNKNOWN
13948

Source: CCN
Type: BID-13948
Microsoft Agent Trusted Content Spoofing Vulnerability

Source: MS
Type: UNKNOWN
MS05-032

Source: XF
Type: UNKNOWN
win-agent-character-spoof(20831)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1194

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:682

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:906

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:second_edition:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:682
    V
    Microsoft Agent Security Prompt Spoofing Vulnerability (Windows 2000)
    2011-05-16
    oval:org.mitre.oval:def:906
    V
    Microsoft Agent Security Prompt Spoofing Vulnerability (Server 2003)
    2011-05-16
    oval:org.mitre.oval:def:1194
    V
    Microsoft Agent Security Prompt Spoofing Vulnerability (Windows XP)
    2011-05-16
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2000 * sp4
    microsoft windows 2000 terminal services *
    microsoft windows 2000 terminal services * sp1
    microsoft windows 2000 terminal services * sp2
    microsoft windows 2000 terminal services * sp3
    microsoft windows 2003 server 64-bit
    microsoft windows 2003 server datacenter_64-bit sp1
    microsoft windows 2003 server datacenter_64-bit sp1_beta_1
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise sp1
    microsoft windows 2003 server enterprise sp1_beta_1
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server enterprise_64-bit sp1
    microsoft windows 2003 server enterprise_64-bit sp1_beta_1
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2 sp1
    microsoft windows 2003 server r2 sp1_beta_1
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1
    microsoft windows 2003 server standard sp1_beta_1
    microsoft windows 2003 server standard_64-bit
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1
    microsoft windows 2003 server web sp1_beta_1
    microsoft windows 98 * gold
    microsoft windows 98se *
    microsoft windows me *
    microsoft windows me *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows 98 *
    microsoft windows 98se *
    microsoft windows me *
    microsoft windows 2000 - sp3
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows 2003 server *
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows xp - sp1