Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BID:22484
Info
| Bugtraq ID: | 22484 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-3448 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 13 2007 12:00AM |
| Updated: | Nov 25 2008 09:52PM |
| Credit: | Brett Moore of Security-Assessment.com is credited with the discovery of this vulnerability. |
| Vulnerable: | Microsoft Step-By-Step Interactive Training 0; HP Storage Management Appliance 2.1 |
| Not Vulnerable: | |
Discussion
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Microsoft has released a security advisory addressing this issue. Please see the references for more information.
Microsoft Step-By-Step Interactive Training 0
- Microsoft Security Update for Windows (KB923723)
  Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.
  http://www.microsoft.com/downloads/details.aspx?familyid=128c57af-663a-4476-92f5-aab394cfc91a&displaylang=en
- Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB923723)
  Windows Server 2003 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?familyid=5eeedd28-47a5-4b30-a913-c1150330ecbe&displaylang=en
- Microsoft Security Update for Windows Server 2003 x64 Edition (KB923723)
  Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=2760120e-96b2-42b2-b5df-6322c9385729&displaylang=en
- Microsoft Security Update for Windows XP x64 Edition (KB923723)
  Windows XP x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=e268ffd5-295c-45f7-afd1-60007e791f8c&displaylang=en
References