SecurityTracker.com

SecurityTracker Archives

Category:   OS (Microsoft)  >   Microsoft Agent
Vendors:   Microsoft
Microsoft Agent Lets Remote Users Spoof Security Dialog Box Contents
SecurityTracker Alert ID:  1014197
SecurityTracker URL:  http://securitytracker.com/id/1014197
CVE Reference:   CVE-2005-1214
Updated:  Aug 11 2005
Original Entry Date:  Jun 14 2005
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 98, 2000 SP4, XP SP2, 2003 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft Agent, affecting Windows-based operating systems. A remote user can spoof security dialog boxes.

A certain Microsoft Agent character allows dialogs to be spoofed. A remote user can create specially crafted HTML that will exploit Microsoft Agent to cause security prompts to be disguised. As a result, the target user may unintentionally permit the installation of arbitrary software.

Microsoft credits Michael Krax with reporting this vulnerability.

Impact:   A remote user can spoof security dialog boxes, which may cause a target user to unintentionally permit installation of arbitrary software.
Solution:   The vendor has issued the following fixes. The fixes for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems were updated by Microsoft on August 8, 2005.

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7DEE96-F693-4C50-896D-2365873245A9

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F2247275-25F9-4937-97CD-9334135D6D79

Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=33E0A62D-395B-402C-A0A4-82E892E9B7AE

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium):

http://www.microsoft.com/downloads/details.aspx?FamilyId=9BA306DC-9C31-432B-91E0-B057C9C1EEAE

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8C73D017-CF4F-49A3-9752-764F165F5B83

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5B38AF7A-3054-4EFD-9007-E4EB3B57179E

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EDFF8603-6352-4410-9258-54DF418CCA99

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=AFF0FE48-AFE0-4E7A-9FB0-6CB7E8332D49

A restart is required.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-032.mspx
Cause:   Input validation error

Message History:   None.


Copyright 2021, SecurityGlobal.net LLC