Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents
|
|
SecurityTracker Alert ID: 1014197
|
|
SecurityTracker URL: http://securitytracker.com/id?1014197
|
|
CVE Reference: CAN-2005-1214
(Links to External Site)
|
Updated: Aug 11 2005
|
Original Entry Date: Jun 14 2005
|
Impact: Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Microsoft Security Advisory
|
Version(s): 98, 2000 SP4, XP SP2, 2003 SP1; and prior service packs
|
Description: A vulnerability was reported in Microsoft Agent, affecting Windows-based operating systems. A remote user can spoof security dialog boxes.
A certain Microsoft Agent character allows dialogs to be spoofed. A remote user can create specially crafted HTML that will exploit
Microsoft Agent to cause security prompts to be disguised. As a result, the target user may unintentionally permit the installation
of arbitrary software.
Microsoft credits Michael Krax with reporting this vulnerability.
|
Impact: A remote user can spoof security dialog boxes, which may cause a target user to unintentionally permit installation of arbitrary software.
|
Solution: The vendor has issued the following fixes. The fixes for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems,
and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems were updated by Microsoft on August 8, 2005.
Microsoft Windows
2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7DEE96-F693-4C50-896D-2365873245A9
Microso
ft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F2247275-25F9-4937-97CD-9334135D6D79
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=33E0A62D-395B-402C-A0A4-82E892E9B7AE
Microsof
t Windows XP 64-Bit Edition Version 2003 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9BA306DC-9C31-432B-91E0-B057C9C1EEAE
Microsoft
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8C73D017-CF4F-49A3-9752-764F165F5B83
Microsoft
Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5B38AF7A-3054-4EFD-9007-E4EB3B57179E
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
http://www.microsoft.com/downloads/detail
s.aspx?FamilyId=EDFF8603-6352-4410-9258-54DF418CCA99
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AFF0FE48-AF
E0-4E7A-9FB0-6CB7E8332D49
A restart is required.
|
Vendor URL: www.microsoft.com/technet/security/Bulletin/MS05-032.mspx (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Me), Windows (98), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 14 Jun 2005 14:19:35 -0400
Subject: http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx
|
http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx
|
|
