MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

High Nessus Plugin ID 24329

Synopsis

Arbitrary code can be executed on the remote host through the training software.

Description

The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution.

To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application.

Solution

Microsoft has released a patch.

See Also

https://technet.microsoft.com/library/security/MS07-005

Plugin Details

Severity: High

ID: 24329

File Name: smb_nt_ms07-005.nasl

Version: $Revision: 1.25 $

Type: local

Agent: windows

Published: 2007/02/13

Modified: 2017/08/10

Dependencies: 57033, 13855

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:step-by-step_interactive_training

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/02/13

Vulnerability Publication Date: 2007/02/13

Reference Information

CVE: CVE-2006-3448

BID: 22484

MSFT: MS07-005

MSKB: 923723

CERT: 466873