Microsoft Step-by-Step Interactive Training bookmark buffer overflow

Added: 05/04/2007
CVE: CVE-2006-3448
BID: 22484
OSVDB: 31883

Background

Microsoft Step-by-Step Interactive Training is the engine used by various training programs.

Problem

A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially crafted bookmark link file is opened.

Resolution

Apply the update referenced in Microsoft Security Bulletin 07-005.

References

http://www.kb.cert.org/vuls/id/466873

Limitations

Exploit works on Microsoft Office 2000 Step-by-Step Interactive Training with MS05-031 patch on Windows 2000 and Windows XP.

A user must open the exploit file in order for the exploit to succeed.

Platforms

Windows

Back to exploit index