MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

High Nessus Plugin ID 24329


Arbitrary code can be executed on the remote host through the training software.


The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution.

To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application.


Microsoft has released a patch.

See Also

Plugin Details

Severity: High

ID: 24329

File Name: smb_nt_ms07-005.nasl

Version: $Revision: 1.25 $

Type: local

Agent: windows

Published: 2007/02/13

Modified: 2017/08/10

Dependencies: 13855, 57033

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:step-by-step_interactive_training

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/02/13

Vulnerability Publication Date: 2007/02/13

Reference Information

CVE: CVE-2006-3448

BID: 22484

OSVDB: 31883

MSFT: MS07-005

MSKB: 923723

CERT: 466873