SecurityTeam US - Microsoft Windows Step-by-Step Interactive Training Vulnerability


	Contribute : Advanced Search : Web Resources : Polls : File Repository

Poll
What would you like to see on SecurityTeamUS? More News Product Reviews HowTo's Custom RPM/Packages/Tools Other (Please leave comment) Results 96 votes \| 0 comments

Topics
Home Apache Apple Application Software Cisco Systems Database Servers Internet Explorer Linux Macromedia Microsoft Mozilla/Firefox Phishing/ID Theft Real Networks Security News Sun Microsystems Web Appliances/Devices Web Scripts Wi-Fi

Virus Alerts
17 Apr 2011 Troj/Mdrop-DKE 17 Apr 2011 Troj/Sasfis-O 17 Apr 2011 Troj/Keygen-FU 17 Apr 2011 Troj/Zbot-AOY 17 Apr 2011 Troj/Zbot-AOW 17 Apr 2011 W32/Womble-E 17 Apr 2011 Troj/VB-FGD 17 Apr 2011 Troj/FakeAV-DFF 17 Apr 2011 Troj/SWFLdr-W 17 Apr 2011 W32/RorpiaMem-A

Events
There are no upcoming events

Welcome to SecurityTeam US
Monday, February 06 2012 @ 12:17 PM EST

Microsoft Windows Step-by-Step Interactive Training Vulnerability

Wednesday, June 15 2005 @ 07:32 AM EDT

iDEFENSE Labs has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Step-by-Step Interactive Training component when handling bookmark link files. This can be exploited to cause a stack-based buffer overflow via a specially crafted bookmark link file containing an overly long string in the "User" field.

Successful exploitation requires that the user e.g. visits a malicious web site or opens a malicious attachment.

OPERATING SYSTEM:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Millenium
Microsoft Windows 98 Second Edition
Microsoft Windows 98
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server

SOLUTION:
Apply patches.

Step-by-Step Interactive Training:
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

Step-by-Step Interactive Training (running on Itanium-based system):
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

Step-by-Step Interactive Training (running on x64-based system):
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

PROVIDED AND/OR DISCOVERED BY:
iDEFENSE Labs

ORIGINAL ADVISORY:
MS05-031 (KB898458):
http://www.microsoft.com/technet/security/bulletin/ms05-031.mspx

iDEFENSE:
http://idefense.com/application/poi/display?id=262&type=vulnerabilities

VERIFY ADVISORY:
http://secunia.com/advisories/15669/

Secunia Security Advisories

What's Related
http://www.microsoft.co... http://www.microsoft.co... http://www.microsoft.co... http://www.microsoft.co... http://idefense.com/app... http://secunia.com/advi... More from Microsoft

Story Options
Mail Story to a Friend Printable Story Format

Microsoft Windows Step-by-Step Interactive Training Vulnerability | 0 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Dedicated Servers
Created this page in 0.97 seconds