MS06-068: Microsoft Agent
CVE-2006-3445
This update fixes a buffer overflow in Microsoft Agent that could allow remote code execution.
Microsoft Agent is a component of the OS that allows (to quote Microsoft) "an enriched form of user interaction that can make using and learning to use a computer easier and more natural." This includes things like the paperclip that pops up at various times while using Microsoft Office applications. This feature can apparently be invoked via ActiveX in Internet Explorer Microsoft states that they are not aware of active exploitation of this vulnerability at this time.
Due to the possibility of remote exploitation, this should be considered critical for user machines, less urgent for servers.
From Microsoft's bulletin, the Microsoft Agent ActiveX controls can be disabled by setting the following kill bits in the registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}]
http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx
This update fixes a buffer overflow in Microsoft Agent that could allow remote code execution.
Microsoft Agent is a component of the OS that allows (to quote Microsoft) "an enriched form of user interaction that can make using and learning to use a computer easier and more natural." This includes things like the paperclip that pops up at various times while using Microsoft Office applications. This feature can apparently be invoked via ActiveX in Internet Explorer Microsoft states that they are not aware of active exploitation of this vulnerability at this time.
Due to the possibility of remote exploitation, this should be considered critical for user machines, less urgent for servers.
Workarounds
From Microsoft's bulletin, the Microsoft Agent ActiveX controls can be disabled by setting the following kill bits in the registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D45FD31E-5C6E-11D1-9EC1-00C04FD7081F}]
"Compatibility Flags"=dword:00000400
http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx
Keywords:
0 comment(s)
My next class:
| LINUX Incident Response and Threat Hunting | Coral Gables | Nov 17th - Nov 22nd 2025 |
×
![modal content]()
Diary Archives
Comments