Detections
Analytics

MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

high Nessus Plugin ID 24329

Synopsis

Arbitrary code can be executed on the remote host through the training software.

Description

The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution.

To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application.

Solution

Microsoft has released a patch.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-005

Plugin Details

Severity: High

ID: 24329

File Name: smb_nt_ms07-005.nasl

Version: 1.27

Type: local

Agent: windows

Published: 2/13/2007

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:step-by-step_interactive_training

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 2/13/2007

Vulnerability Publication Date: 2/13/2007

Reference Information

CVE: CVE-2006-3448

BID: 22484

CERT: 466873

MSFT: MS07-005

MSKB: 923723