Lucene search

SAINT CorporationSAINT:3D26BDB245AF9184C7A25DCC9A0D631D

HistoryMay 04, 2007 - 12:00 a.m.

Microsoft Step-by-Step Interactive Training bookmark buffer overflow

2007-05-0400:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.915 High

EPSS

Percentile

98.9%

JSON

Added: 05/04/2007
CVE: CVE-2006-3448
BID: 22484
OSVDB: 31883

Background

Microsoft Step-by-Step Interactive Training is the engine used by various training programs.

Problem

A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially crafted bookmark link file is opened.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-005.

References

<http://www.kb.cert.org/vuls/id/466873>

Limitations

Exploit works on Microsoft Office 2000 Step-by-Step Interactive Training with MS05-031 patch on Windows 2000 and Windows XP.

A user must open the exploit file in order for the exploit to succeed.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.915 High

EPSS

Percentile

98.9%

JSON

Related for SAINT:3D26BDB245AF9184C7A25DCC9A0D631D