9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.915 High
EPSS
Percentile
98.9%
Added: 05/04/2007
CVE: CVE-2006-3448
BID: 22484
OSVDB: 31883
Microsoft Step-by-Step Interactive Training is the engine used by various training programs.
A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially crafted bookmark link file is opened.
Apply the update referenced in Microsoft Security Bulletin 07-005.
<http://www.kb.cert.org/vuls/id/466873>
Exploit works on Microsoft Office 2000 Step-by-Step Interactive Training with MS05-031 patch on Windows 2000 and Windows XP.
A user must open the exploit file in order for the exploit to succeed.
Windows