Microsoft Agent Content Spoofing Vulnerability (MS05-032)

MODERATE: Microsoft Agent Content Spoofing Vulnerability (MS05-032)
Affected:
Windows 98/ME/SE/2000 SP3 and SP4/XP SP1 and SP2/2003 including SP1

Description: Microsoft Agent is a software technology that provides an
enhanced user interface for applications and web pages with interactive
animated characters. A malicious webpage can use the Microsoft Agent ActiveX
control to hide security warnings such as the file download prompts, which
may lead to installing malicious code on the client systems. Note that the
ActiveX control need not be pre-installed on the systems to exploit this
flaw; the attacker's page can lead to its installation.

Status: Apply the update referenced in Microsoft Security Bulletin MS05-032.

Council Site Actions: Several reporting council sites plan to deploy this
patch during their next regularly scheduled system update process.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx
Microsoft Agent ActiveX Documentation
http://www.microsoft.com/msagent/dev/docs/default.asp
http://www.microsoft.com/msagent/dev/docs/autodownload.asp
SecurityFocus BID
http://www.securityfocus.om/bid/13948