Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Agent memory corruption
updated since 14.11.2006
Published:30.01.2007
Source:
SecurityVulns ID:6826
Type:client
Threat Level:
7/10
Description:Memory corruption on parsing .ACF files.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft XML Core Services 6.0
 MICROSOFT : Microsoft XML Core Services 4.0
CVE:CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.)
Original documentdocumentCoseinc, COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched) (30.01.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) (14.11.2006)
Files:Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod