Microsoft Step-by-Step Interactive Training Bookmark

2007-02-13T14:33:51
ID OSVDB:31883
Type osvdb
Reporter Brett Moore (brett.moore@security-assessment.com)
Modified 2007-02-13T14:33:51

Description

Vulnerability Description

A local overflow exists in Step-by-Step Interactive Training. The program fails to validate the Syllabus string when opening .cbo files, resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1017632
Secunia Advisory ID: 24121
Microsoft Security Bulletin: MS07-005
Microsoft Knowledge Base Article: 923723
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0221.html
ISS X-Force ID: 30596
FrSIRT Advisory: ADV-2007-0574
CVE-2006-3448
CERT VU: 466873
Bugtraq ID: 22484