=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN381
_____________________________________________________________________

DATE                      : 15/06/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 98, Windows Me, Windows 2000, Windows XP,
                                Windows Server 2003.

======================================================================

  http://www.microsoft.com/technet/security/bulletin/MS05-032.mspx

MS05-032 - Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

   - Affected Software:
     - Windows 2000 Service Pack 3
     - Windows 2000 Service Pack 4
     - Windows XP Service Pack 1
     - Windows XP Service Pack 2
     - Windows XP 64-Bit Edition Service Pack 1 (Itanium)
     - Windows XP 64-Bit Edition Version 2003 (Itanium)
     - Windows XP Professional x64 Edition
     - Windows Server 2003
     - Windows Server 2003 for Itanium-based Systems
     - Windows Server 2003 with SP1 for Itanium-based Systems
     - Windows Server 2003 x64 Edition

     - Review the FAQ section of bulletin MS05-032 for information
       about these operating systems:
         - Windows 98
         - Windows 98 Second Edition (SE)
         - Windows Millennium Edition (ME)

     - Impact: Spoofing
     - Version Number: 1.0


- From the Microsoft Security Bulletin MS05-032:

Vulnerability Details

Microsoft Agent Vulnerability - CAN-2005-1214

This is a spoofing vulnerability that exists in the affected products and
that could enable an attacker to spoof trusted Internet content. Users could
believe that they are accessing trusted Internet content. However, they are
accessing malicious Internet content such as a malicious Web site. An
attacker would first have to persuade a user to visit the attacker's site to
attempt to exploit this vulnerability.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================