iDEFENSE Labs has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Step-by-Step Interactive Training component when handling bookmark link files. This can be exploited to cause a stack-based buffer overflow via a specially crafted bookmark link file containing an overly long string in the "User" field.
Successful exploitation requires that the user e.g. visits a malicious web site or opens a malicious attachment.
OPERATING SYSTEM:
Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Millenium
Microsoft Windows 98 Second Edition
Microsoft Windows 98
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server
SOLUTION:
Apply patches.
Step-by-Step Interactive Training:
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
Step-by-Step Interactive Training (running on Itanium-based system):
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
Step-by-Step Interactive Training (running on x64-based system):
http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8
PROVIDED AND/OR DISCOVERED BY:
iDEFENSE Labs
ORIGINAL ADVISORY:
MS05-031 (KB898458):
http://www.microsoft.com/technet/security/bulletin/ms05-031.mspx
iDEFENSE:
http://idefense.com/application/poi/display?id=262&type=vulnerabilities
VERIFY ADVISORY:
http://secunia.com/advisories/15669/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050615073225627