Microsoft Step-by-Step Interactive Training bookmark buffer overflow

2007-05-04T00:00:00
ID SAINT:3D26BDB245AF9184C7A25DCC9A0D631D
Type saint
Reporter SAINT Corporation
Modified 2007-05-04T00:00:00

Description

Added: 05/04/2007
CVE: CVE-2006-3448
BID: 22484
OSVDB: 31883

Background

Microsoft Step-by-Step Interactive Training is the engine used by various training programs.

Problem

A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially crafted bookmark link file is opened.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-005.

References

<http://www.kb.cert.org/vuls/id/466873>

Limitations

Exploit works on Microsoft Office 2000 Step-by-Step Interactive Training with MS05-031 patch on Windows 2000 and Windows XP.

A user must open the exploit file in order for the exploit to succeed.

Platforms

Windows