=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2007/VULN361
_____________________________________________________________________

DATE                      : 00/02/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000 SP4.

======================================================================
http://www.microsoft.com/technet/security/bulletin/ms07-051.mspx
______________________________________________________________________

MS07-051 - Vulnerability in Microsoft Agent Could Allow Remote Code
Execution (938827)

Affected Software:
    -Microsoft Windows 2000 Service Pack 4

Non-Affected Software:
    -Windows XP Service Pack 2
    -Windows XP Professional x64 Edition and
     Windows XP Professional x64 Edition Service Pack 2
    -Windows Server 2003 Service Pack 1 and Server 2003 Service Pack 2
    -Windows Server 2003 x64 Edition Service Pack 1 and
     Windows Server 2003 x64 Edition Service Pack 2
    -Windows Server 2003 with SP1 for Itanium-based Systems, and
     Windows Server 2003 with SP2 for Itanium-based Systems
    -Windows Vista
    -Windows Vista x64 Edition
	
Vulnerability Details:

Agent Remote Code Execution Vulnerability - CVE-2007-3040

    A remote code execution vulnerability exists in Microsoft Agent in 
the way
    that it handles certain specially crafted URLs. The vulnerability 
could allow
    an attacker to remotely execute code on the affected system.

    This vulnerability requires that a user is logged on and visits a 
Web site
    for any malicious action to occur. Any systems where Internet 
Explorer is
    used frequently, such as workstations or terminal servers, are at 
the most
    risk from this vulnerability.


======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================