COSEINC Alert - A security researcher of COSEINC Vulnerability Research Lab has discovered that Microsoft Agent has a heap overflow vulnerability. This vulnerability is triggered when Microsoft Agent parses the malformed character file in its uncompressed state in memory, by having an overly large value in a length field. This will lead to an integer overflow during the allocation of buffer. Subsequently, when data is copied to the buffer, the heap overflow will occur. The result is possible remote code execution.
c519c6cb74cd3592aa3be74223bb70e4e71cc29f845b8e57a3232f52fef3b460