search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Agent vulnerable to trusted site spoofing

Vulnerability Note VU#718542

Original Release Date: 2005-06-14 | Last Revised: 2005-08-02

Overview

Microsoft Agent contains a vulnerability that could allow a remote attacker to spoof trusted Internet content.

Description

Microsoft Agent is a software extension that enhances user interaction through the use of interactive personalities in the form of animated characters. Applications and web pages can be programmed to invoke Microsoft Agent to make navigation and other tasks easier and more natural for the user.

A flaw in Microsoft Agent allows security prompts to be disguised by a Microsoft Agent character. As a result, users could be led to believe that they are accessing trusted Internet content when, in fact, they are accessing malicious Internet content. The user could subsequently be convinced to unintentionally allow the installation of malicious software. A remote attacker with the ability to craft a malicious web page and persuade or trick a user into visiting it could exploit this vulnerability.

Impact

An attacker could spoof trusted Internet content, resulting in the installation of malicious code on the victim system.

Solution

Apply a patch

Microsoft has published Microsoft Security Bulletin MS05-032 in response to this issue. Users are encouraged to review the bulletin and apply the patches it refers to.

Workarounds


In addition to the patches referenced above, Microsoft Security Bulletin MS05-032 also contains workaround information to mitigate this issue. Users, particularly those who are unable to apply the patches, should consider implementing these workarounds as appropriate.

Vendor Information

718542
 

Microsoft Corporation Affected

Updated:  June 14, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published Microsoft Security Bulletin MS05-032 in response to this issue. Users are encouraged to review the bulletin and apply the patches it refers to.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Microsoft for reporting this vulnerability. Microsoft, in turn, credits Michael Krax with discovering and reporting this issue to them.

This document was written by Chad Dougherty based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2005-1214
Severity Metric: 9.00
Date Public: 2005-06-14
Date First Published: 2005-06-14
Date Last Updated: 2005-08-02 18:50 UTC
Document Revision: 11

Sponsored by CISA.