Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3448

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-3448
Last Modified 13 Jun 2011 12:00:00
Published 13 Feb 2007 03:28:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3448

Summary

Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.

Vulnerable Systems

Application

  • Microsoft Step-by-step Interactive Training


References

CERT - TA07-044A

CERT-VN - VU#466873

MS - MS07-005

XF - ms-stepbystep-bookmark-bo(30596)

VUPEN - ADV-2007-0574

SECTRACK - 1017632

BID - 22484

BUGTRAQ - 20070213 MS Interactive Training .cbo Overflow

OSVDB - 31883

SECUNIA - 24121


Last Updated: 27 May 2016 10:43:01