9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.78 High
EPSS
Percentile
98.2%
Added: 09/11/2007
CVE: CVE-2007-3040
BID: 25566
OSVDB: 36934
Microsoft Agent is a component of the Windows operating system designed to make using a computer easier through enriched user interaction.
A vulnerability in Microsoft Agent allows command execution when a user loads a web page which calls the Microsoft Agent ActiveX control with a specially crafted URL.
Apply the patch referenced in Microsoft Security Bulletin 07-051.
<http://www.microsoft.com/technet/security/bulletin/ms07-051.mspx>
Exploit works on Windows 2000 SP4 and requires a user to load the exploit page in Internet Explorer.
Windows 2000