Vulnerability Name:
CVE-2007-1205 (CCN-33265)
Assigned:
2007-04-10
Published:
2007-04-10
Updated:
2018-10-16
Summary:
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
CVSS v3 Severity:
9.0 Critical
(CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium
(Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
7.6 High
(CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium
(CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
High
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availability (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2007-1205
Source: CCN
Type: SA22896
Microsoft Agent URL Parsing Memory Corruption Vulnerability
Source: SECUNIA
Type: UNKNOWN
22896
Source: CCN
Type: Secunia Research 10/04/2007
Microsoft Agent URL Parsing Memory Corruption Vulnerability
Source: MISC
Type: UNKNOWN
http://secunia.com/secunia_research/2006-74/advisory/
Source: CCN
Type: SECTRACK ID: 1017896
Microsoft Agent URL Parsing Bug Lets Remote Users Execute Arbitrary Code
Source: CCN
Type: ASA-2007-157
MS07-020 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Source: CCN
Type: US-CERT VU#728057
Microsoft Windows Agent fails to properly process crafted URLs
Source: CERT-VN
Type: US Government Resource
VU#728057
Source: CCN
Type: Microsoft Security Bulletin MS07-020
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Source: BUGTRAQ
Type: UNKNOWN
20070410 Secunia Research: Microsoft Agent URL Parsing Memory Corruption Vulnerability
Source: HP
Type: UNKNOWN
HPSBST02208
Source: BID
Type: UNKNOWN
23337
Source: CCN
Type: BID-23337
Microsoft Agent URI Processing Remote Code Execution Vulnerability
Source: SECTRACK
Type: UNKNOWN
1017896
Source: CERT
Type: US Government Resource
TA07-100A
Source: VUPEN
Type: UNKNOWN
ADV-2007-1324
Source: MS
Type: UNKNOWN
MS07-020
Source: XF
Type: UNKNOWN
ms-agent-activex-code-execution(33265)
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2034
Vulnerable Configuration:
Configuration 1:
cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Configuration CCN 1:
cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:-:sp1:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
OR
cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
OR
cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
OR
cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*
Oval Definitions:
Definition ID: oval:org.mitre.oval:def:2034
Class: V
Title: Microsoft Agent URL Parsing Vulnerability
Last Modified: 2012-09-10