Vulnerabilities > CVE-2005-1212 - Buffer Overflow vulnerability in Microsoft Step-By-Step Interactive Training Bookmark Link
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
Vulnerable Configurations
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-031.NASL |
description | The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution. To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18492 |
published | 2005-06-14 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18492 |
title | MS05-031: Vulnerability in Step-by-Step Interactive Training (898458) |
code |
|
Oval
accepted | 2006-09-27T12:28:32.053-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
description | Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:1224 | ||||||||
status | accepted | ||||||||
submitted | 2005-08-08T12:00:00.000-04:00 | ||||||||
title | Step-by-Step Interactive Training Buffer Overflow | ||||||||
version | 26 |
References
- http://idefense.com/application/poi/display?id=262&type=vulnerabilities&flashstatus=true
- http://secunia.com/advisories/15669/
- http://securitytracker.com/id?1014194
- http://www.securityfocus.com/bid/13944
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-031
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1224