|
Microsoft Agent Trusted Internet Content Spoofing Vulnerability
|
|
Secunia Advisory:
|
SA15689
|
|
|
Release Date:
|
2005-06-14
|
|
Last Update:
|
2005-08-10
|
|
Popularity:
|
12,723 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Spoofing
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-1214
|
|
Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to spoof certain information and potentially trick a user into installing a malicious program.
The vulnerability is caused due to an error in Microsoft Agent making it possible to spoof trusted Internet content (e.g. hide various security prompts by a Microsoft Agent character). This can be exploited to trick a user into believing that they are looking at trusted content when actually visiting a malicious web site.
Successful exploitation requires that a user visits a malicious web site.
Solution:
Apply patches.
Microsoft Windows 2000 (requires SP3 or SP4):
http://www.microsoft.com/downloads/de...=6A7DEE96-F693-4C50-896D-2365873245A9
Microsoft Windows XP (requires SP1 or SP2):
http://www.microsoft.com/downloads/de...=F2247275-25F9-4937-97CD-9334135D6D79
Microsoft Windows XP 64-Bit Edition for Itanium (requires SP1):
http://www.microsoft.com/downloads/de...=33E0A62D-395B-402C-A0A4-82E892E9B7AE
Microsoft Windows XP 64-Bit Edition Version 2003 for Itanium:
http://www.microsoft.com/downloads/de...=9BA306DC-9C31-432B-91E0-B057C9C1EEAE
Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/de...=8C73D017-CF4F-49A3-9752-764F165F5B83
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/de...=5B38AF7A-3054-4EFD-9007-E4EB3B57179E
Microsoft Windows Server 2003 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=EDFF8603-6352-4410-9258-54DF418CCA99
Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/de...=AFF0FE48-AFE0-4E7A-9FB0-6CB7E8332D49
Microsoft Windows 98, Windows 98 SE, and Windows ME:
Microsoft will not release security updates for these versions of Windows.
Provided and/or discovered by:
The vendor credits Michael Krax.
Changelog:
2005-06-15: Added link to US-CERT vulnerability note.
2005-08-10: Vendor issues revised patches for Windows XP Professional x64 Edition, Windows Server 2003 for Itanium-based systems, and Windows Server 2003 x64 Edition.
Original Advisory:
MS05-032 (KB890046):
http://www.microsoft.com/technet/security/bulletin/ms05-032.mspx
Other References:
US-CERT VU#718542:
http://www.kb.cert.org/vuls/id/718542
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
