SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Step-by-Step Interactive Training Vendors:   Microsoft
Microsoft Step-by-Step Interactive Training Bookmark Link File Validation Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014194
SecurityTracker URL:  http://securitytracker.com/id/1014194
CVE Reference:   CVE-2005-1212   (Links to External Site)
Updated:  Aug 12 2008
Original Entry Date:  Jun 14 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft Step-by-Step Interactive Training. A remote user can execute arbitrary code on the target system.

A remote user can create a specially crafted bookmark link file that, when loaded by the target user, will cause arbitrary code to be executed on the target user's system. The code will execute with the privileges of the target user.

This vulnerability can be exploited via a web page or e-mail message.

The vendor indicates that some user interaction is required to exploit this vulnerability.

The vendor credits iDEFENSE with reporting this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user.
Solution:   The vendor has issued the following fixes:

Step-by-Step Interactive Training:

http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

Step-by-Step Interactive Training when it is running on Itanium-based systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

Step-by-Step Interactive Training when it is running on x64-based systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=591265a7-e7f4-409f-992b-84d954824ba8

A restart is not required.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-031.mspx (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC