View my documents ()
 Home > Support > Global Security Advisor 

Vulnerability Detail

Microsoft Agent URL Parsing remote code execution vulnerability

Date Discovered:
10 Apr 2007

Date Published:
11 Apr 2007

Last Updated:
18 Dec 2008

Threat Assessment

Overall Risk:  Medium
Popularity : High
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  35206
Discovered By:  JJ Reyes and Carsten Eiram

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  A remote attacker can execute arbitrary code.

Root Cause:  Software Vulnerability

Description
Recommendations
Affected Technologies
References
 

Description

Microsoft Agent contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to improper parsing of specially crafted URL by Microsoft Agent control. An attacker can entice users to visit a malicious website to execute arbitrary code.

Back to top

Recommendations



-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

Please download the required patches from the vendor site -

http://www.microsoft.com/technet/security/bulletin/ms07-020.mspx



-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT
Apply: Windows2000-KB938827-x86
If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 DE

Download:
http://download.microsoft.com/download/f/8/7/f875468f-ca77-4b43-9c57-9f74f18dd9ae/Windows2000-KB938827-x86-DEU.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 IT

Download:
http://download.microsoft.com/download/7/1/6/716c5079-3b11-4624-a3a6-2b0604982b54/Windows2000-KB938827-x86-ITA.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 ES

Download:
http://download.microsoft.com/download/7/3/a/73a5f357-03f3-4efd-ae66-867c5d145927/Windows2000-KB938827-x86-ESN.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 EN

Download:
http://download.microsoft.com/download/c/1/2/c12a5836-34ca-404b-87ef-dd870cbdf092/Windows2000-KB938827-x86-ENU.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 FR

Download:
http://download.microsoft.com/download/8/8/e/88e22a25-6011-40c4-83cb-e2e2dcaca435/Windows2000-KB938827-x86-FRA.EXE


-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT, Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

Steps for disabling the Activex control from running in Internet Explorer. Copy\Paste the instructions on to a notepad and save it with the extension .REG.

Load it to the registry by double clicking on the saved reg file.





Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}]

"Compatibility Flags"=dword:00000400



-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT, Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

As a workaround solution,



To raise the browsing security level in Microsoft Internet Explorer, follow these steps:

1.On the Internet Explorer Tools menu, click Internet Options.

2.In the Internet Options dialog box, click the Security tab, and then click the Internet icon.

3.Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.



Note- If no slider is visible, click Default Level, and then move the slider to High.

-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT, Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

We recommend that you add only sites that you trust to the Trusted sites zone,

click Tools -> internet options -> security tab -> select a Web content zone to specify its current security settings -> click Trusted Sites -> click Sites -> Add this Web site to the zone box -> click add.

If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.



Disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry.

-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition x64 64 EN, Microsoft Windows Server 2003 SP2 Enterprise Edition x64 64 EN, Microsoft Windows Server 2003 SP2 Standard Edition x64 64 EN, Microsoft Windows Server 2003 Standard Edition x64 64 EN, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN
Apply: WindowsServer2003.WindowsXP-KB932168-x64
If you have: Microsoft Windows Server 2003 Enterprise Edition x64 64 EN, Microsoft Windows Server 2003 SP2 Enterprise Edition x64 64 EN, Microsoft Windows Server 2003 SP2 Standard Edition x64 64 EN, Microsoft Windows Server 2003 Standard Edition x64 64 EN, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

Download:
http://download.microsoft.com/download/7/2/c/72c94a3f-01d2-4937-a8a4-ee2af251a408/WindowsServer2003.WindowsXP-KB932168-x64-ENU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT
Apply: Windows2000-kb932168-x86
If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 IT

Download:
http://download.microsoft.com/download/c/9/6/c96a1c6c-7165-4709-9793-7e164fb0bf6a/Windows2000-KB932168-x86-ITA.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 ES

Download:
http://download.microsoft.com/download/7/6/e/76ead594-0f98-4b66-90b2-a69081915df2/Windows2000-KB932168-x86-ESN.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 EN

Download:
http://download.microsoft.com/download/f/c/c/fccc6bf5-75eb-4dbb-abdd-d9915e2ba7c3/Windows2000-KB932168-x86-ENU.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 FR

Download:
http://download.microsoft.com/download/1/a/5/1a5a7700-5892-4d72-ac99-c19c1861bb41/Windows2000-KB932168-x86-FRA.EXE

If you have: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 DE

Download:
http://download.microsoft.com/download/b/7/9/b797145a-6865-4fe0-8f36-790ac16d6159/Windows2000-KB932168-x86-DEU.EXE


-------------------------------------------------------------------------------
For: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE, Microsoft Windows 2000 Advanced Server SP4 x86 32 EN, Microsoft Windows 2000 Advanced Server SP4 x86 32 ES, Microsoft Windows 2000 Advanced Server SP4 x86 32 FR, Microsoft Windows 2000 Advanced Server SP4 x86 32 IT, Microsoft Windows 2000 Professional SP4 x86 32 DE, Microsoft Windows 2000 Professional SP4 x86 32 EN, Microsoft Windows 2000 Professional SP4 x86 32 ES, Microsoft Windows 2000 Professional SP4 x86 32 FR, Microsoft Windows 2000 Professional SP4 x86 32 IT, Microsoft Windows 2000 Server SP4 x86 32 DE, Microsoft Windows 2000 Server SP4 x86 32 EN, Microsoft Windows 2000 Server SP4 x86 32 ES, Microsoft Windows 2000 Server SP4 x86 32 FR, Microsoft Windows 2000 Server SP4 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT, Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional 64-Bit Edition x64 64 EN, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT, Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

Please perform the following steps as a workaround:



1. In Internet Explorer, click Internet Options on the Tools menu.



2. Click the Security tab.



3. Click Internet, and then click Custom Level.



4. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.



5. Click Local intranet, and then click Custom Level.



6. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.



7. Click OK two times to return to Internet Explorer.



-------------------------------------------------------------------------------
For: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 IT
Apply: Windowsserver2003-kb932168-x86
If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Enterprise Edition x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Standard Edition x86 32 EN, Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN, Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN, Microsoft Windows Server 2003 Web Edition x86 32 EN

Download:
http://download.microsoft.com/download/b/c/6/bc60a191-d168-4569-8382-9c3e2efea2ec/WindowsServer2003-KB932168-x86-ENU.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Enterprise Edition x86 32 FR, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Standard Edition x86 32 FR, Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR, Microsoft Windows Server 2003 Web Edition x86 32 FR

Download:
http://download.microsoft.com/download/f/8/3/f83b2424-1473-420e-9364-f0cece1d61d2/WindowsServer2003-KB932168-x86-FRA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Enterprise Edition x86 32 IT, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Standard Edition x86 32 IT, Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT, Microsoft Windows Server 2003 Web Edition x86 32 IT

Download:
http://download.microsoft.com/download/e/9/7/e97c3752-a0fb-4eae-bca9-e1dea2bffa4f/WindowsServer2003-KB932168-x86-ITA.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Enterprise Edition x86 32 ES, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Standard Edition x86 32 ES, Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES, Microsoft Windows Server 2003 Web Edition x86 32 ES

Download:
http://download.microsoft.com/download/2/8/c/28c64559-57cb-4874-9a2e-0447d95fc93c/WindowsServer2003-KB932168-x86-ESN.exe

If you have: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Enterprise Edition x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE, Microsoft Windows Server 2003 Standard Edition x86 32 DE, Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE, Microsoft Windows Server 2003 Web Edition x86 32 DE

Download:
http://download.microsoft.com/download/9/e/e/9ee5e6b9-8895-40cf-bb56-119bedc421cc/WindowsServer2003-KB932168-x86-DEU.exe


-------------------------------------------------------------------------------
For: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 IT
Apply: Windowsxp-kb932168-x86
If you have: Microsoft Windows XP Home Edition SP2 x86 32 ES, Microsoft Windows XP Professional SP2 x86 32 ES

Download:
http://download.microsoft.com/download/a/b/6/ab67290b-a35f-4cdf-9283-1586b391ec98/WindowsXP-KB932168-x86-ESN.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 FR, Microsoft Windows XP Professional SP2 x86 32 FR

Download:
http://download.microsoft.com/download/0/c/f/0cfbaa89-7ddb-48fc-8d8c-40551b6c8eb1/WindowsXP-KB932168-x86-FRA.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 EN, Microsoft Windows XP Professional SP2 x86 32 EN

Download:
http://download.microsoft.com/download/1/2/d/12df2548-8691-465e-9b3d-83f3666aabb1/WindowsXP-KB932168-x86-ENU.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 IT, Microsoft Windows XP Professional SP2 x86 32 IT

Download:
http://download.microsoft.com/download/9/7/c/97c2c08f-21d0-4689-b020-c9fa79b6039f/WindowsXP-KB932168-x86-ITA.exe

If you have: Microsoft Windows XP Home Edition SP2 x86 32 DE, Microsoft Windows XP Professional SP2 x86 32 DE

Download:
http://download.microsoft.com/download/c/e/d/cedf44c2-9dac-43ae-9472-86450e2b1ead/WindowsXP-KB932168-x86-DEU.exe

Back to top

Affected Technologies

Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Advanced Server SP4 x86 32 IT
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Professional SP4 x86 32 IT
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 DE
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 EN
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 ES
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 FR
Microsoft: Microsoft Windows 2000 Server SP4 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition IA64 64 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition 64-Bit Edition SP1 IA64 64 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition SP2 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x64 64 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Enterprise Edition x86 32 IT
Microsoft: Microsoft Windows Server 2003 SP2 Enterprise Edition x64 64 EN
Microsoft: Microsoft Windows Server 2003 SP2 Standard Edition x64 64 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition SP2 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition x64 64 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Standard Edition x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 DE
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 ES
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 FR
Microsoft: Microsoft Windows Server 2003 Web Edition SP1 x86 32 IT
Microsoft: Microsoft Windows Server 2003 Web Edition SP2 x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 DE
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 EN
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 ES
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 FR
Microsoft: Microsoft Windows Server 2003 Web Edition x86 32 IT
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 DE
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 EN
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 ES
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 FR
Microsoft: Microsoft Windows XP Home Edition SP2 x86 32 IT
Microsoft: Microsoft Windows XP Professional 64-Bit Edition x64 64 EN
Microsoft: Microsoft Windows XP Professional SP2 x86 32 DE
Microsoft: Microsoft Windows XP Professional SP2 x86 32 EN
Microsoft: Microsoft Windows XP Professional SP2 x86 32 ES
Microsoft: Microsoft Windows XP Professional SP2 x86 32 FR
Microsoft: Microsoft Windows XP Professional SP2 x86 32 IT
Microsoft: Microsoft Windows XP SP2 Professional 64-Bit Edition x64 64 EN

Back to top

References

Microsoft: ms07-020
Mitre CVE: CVE-2007-1205

Back to top

CA Global Security Advisor

Current threat condition: Low
Low
Documents and Tools
Find Threats
Viruses Spyware
Vulnerabilities All
 
 
Page Tools
ShareShare