MS06-068: Vulnerability in Microsoft Agent Could Remote Code Execution (920213)
High Nessus Plugin ID 23645
SynopsisIt is possible to execute arbitrary code on the remote host through the agent service.
DescriptionThe remote version of Windows contains a flaw in the Microsoft Agent service that could allow an attacker to execute arbitrary code on the remote host.
To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting it or have him load a malformed .ACF file.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.