Vulnerabilities > CVE-2005-1214 - Unspecified vulnerability in Microsoft products

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
microsoft
nessus

Summary

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS05-032.NASL
descriptionThe remote version of Windows contains a flaw in the Microsoft Agent service that could allow an attacker to spoof the content of a website. To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting it.
last seen2020-06-01
modified2020-06-02
plugin id18485
published2005-06-14
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18485
titleMS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(18485);
 script_version("1.37");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-1214");
 script_bugtraq_id(13948);
 script_xref(name:"MSFT", value:"MS05-032");
 script_xref(name:"MSKB", value:"890046");

 script_name(english:"MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046)");
 script_summary(english:"Determines the presence of update 890046");

 script_set_attribute(attribute:"synopsis", value:"It is possible to spoof the content of a website.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a flaw in the Microsoft Agent
service that could allow an attacker to spoof the content of a website.

To exploit this flaw, an attacker would need to set up a rogue website
and lure a victim on the remote host into visiting it.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-032");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/14");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/06/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/14");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-032';
kb = '890046';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'3,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Agentdpv.dll", version:"2.0.0.3423", dir:"\msagent", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Agentdpv.dll", version:"5.2.3790.1241", dir:"\msagent", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Agentdpv.dll", version:"2.0.0.3423", dir:"\msagent", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Agentdpv.dll", version:"2.0.0.3423", dir:"\msagent", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Agentdpv.dll", version:"2.0.0.3423", dir:"\msagent", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2011-05-16T04:00:30.901-04:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameDragos Prisaca
      organizationSecure Elements, Inc.
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
    familywindows
    idoval:org.mitre.oval:def:1194
    statusaccepted
    submitted2005-06-22T12:00:00.000-04:00
    titleMicrosoft Agent Security Prompt Spoofing Vulnerability (Windows XP)
    version34
  • accepted2011-05-16T04:03:20.482-04:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
    familywindows
    idoval:org.mitre.oval:def:682
    statusaccepted
    submitted2005-06-22T12:00:00.000-04:00
    titleMicrosoft Agent Security Prompt Spoofing Vulnerability (Windows 2000)
    version31
  • accepted2011-05-16T04:03:35.415-04:00
    classvulnerability
    contributors
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameHarvey Rubinovitz
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
    familywindows
    idoval:org.mitre.oval:def:906
    statusaccepted
    submitted2005-06-22T12:00:00.000-04:00
    titleMicrosoft Agent Security Prompt Spoofing Vulnerability (Server 2003)
    version30