Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA24121] Microsoft Step-by-Step Interactive Training Bookmark Link File Buffer Overflow



> 
> TITLE:
> Microsoft Step-by-Step Interactive Training Bookmark Link File Buffer
> Overflow
> 
> SECUNIA ADVISORY ID:
> SA24121
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24121/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Interactive Training 3.x
> http://secunia.com/product/6508/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Step-by-Step
> Interactive Training, which can be exploited by malicious people to
> compromise a vulnerable system.
> 
> The vulnerability is caused due to a boundary error in the handling
> of Step-by-Step Interactive Training bookmark link files (.cbo,
> .cbl, .cbm). This can be exploited to cause a buffer overflow via
> e.g. a specially crafted web page.
> 
> Successful exploitation allows execution of arbitrary code.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 Service Pack 4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a
> 
> Microsoft Windows XP Service Pack 2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a
> 
> Microsoft Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=e268ffd5-295c-45f7-afd1-60007e791f8c
> 
> Microsoft Windows Server 2003 (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a
> 
> Microsoft Windows Server 2003 for Itanium-based Systems (with or
> without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=5eeedd28-47a5-4b30-a913-c1150330ecbe
> 
> Microsoft Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=2760120e-96b2-42b2-b5df-6322c9385729
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Brett Moore of Security-Assessment.com
> 
> ORIGINAL ADVISORY:
> MS07-005 (KB923723):
> http://www.microsoft.com/technet/security/Bulletin/MS07-005.mspx
> 



 




Copyright © Lexa Software, 1996-2009.