Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:SBS-TRAINING-OF2 |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
APP |
Keywords |
Step-by-Step Interactive Training Overflow 2 |
Release Date |
2005/06/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Step-by-Step Interactive Training Overflow 2
This signature detects attempts to exploit a known vulnerability in Step-by-Step Interactive Training, which does not handle bookmark link files correctly. Attackers can create a malicious bookmark link file, that, when accessed by a user to visit a listed Web site or opened as an attachment within an e-mail, enables the attacker to execute code and/or completely control a target host.
Extended Description
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
Affected Products
- Microsoft windows_2000 (:advanced_server)
- Microsoft windows_2000 (:datacenter_server)
- Microsoft windows_2000 (:professional)
- Microsoft windows_2000 (:server)
- Microsoft windows_2000 (sp1)
- Microsoft windows_2000 (sp1:advanced_server)
- Microsoft windows_2000 (sp1:datacenter_server)
- Microsoft windows_2000 (sp1:professional)
- Microsoft windows_2000 (sp1:server)
- Microsoft windows_2000 (sp2)
- Microsoft windows_2000 (sp2:advanced_server)
- Microsoft windows_2000 (sp2:datacenter_server)
- Microsoft windows_2000 (sp2:professional)
- Microsoft windows_2000 (sp2:server)
- Microsoft windows_2000 (sp3)
- Microsoft windows_2000 (sp3:advanced_server)
- Microsoft windows_2000 (sp3:datacenter_server)
- Microsoft windows_2000 (sp3:professional)
- Microsoft windows_2000 (sp3:server)
- Microsoft windows_2000 (sp4:)
- Microsoft windows_2000 (sp4)
- Microsoft windows_2000 (sp4:advanced_server)
- Microsoft windows_2000 (sp4:datacenter_server)
- Microsoft windows_2000 (sp4::fr)
- Microsoft windows_2000 (sp4:professional)
- Microsoft windows_2000 (sp4:server)
- Microsoft windows_2000_terminal_services (sp1)
- Microsoft windows_2000_terminal_services (sp2)
- Microsoft windows_2000_terminal_services (sp3)
- Microsoft windows_2003_server 64-bit
- Microsoft windows_2003_server datacenter_64-bit (sp1)
- Microsoft windows_2003_server datacenter_64-bit (sp1_beta_1)
- Microsoft windows_2003_server enterprise
- Microsoft windows_2003_server enterprise (:64-bit)
- Microsoft windows_2003_server enterprise_64-bit (sp1)
- Microsoft windows_2003_server enterprise_64-bit (sp1_beta_1)
- Microsoft windows_2003_server enterprise (sp1)
- Microsoft windows_2003_server enterprise (sp1_beta_1)
- Microsoft windows_2003_server r2
- Microsoft windows_2003_server r2 (:64-bit)
- Microsoft windows_2003_server r2 (:datacenter_64-bit)
- Microsoft windows_2003_server r2 (sp1)
- Microsoft windows_2003_server r2 (sp1_beta_1)
- Microsoft windows_2003_server standard
- Microsoft windows_2003_server standard (:64-bit)
- Microsoft windows_2003_server standard_64-bit
- Microsoft windows_2003_server standard (sp1)
- Microsoft windows_2003_server standard (sp1_beta_1)
- Microsoft windows_2003_server web (sp1)
- Microsoft windows_2003_server web (sp1_beta_1)
- Microsoft windows_98 (gold)
- Microsoft windows_98se
- Microsoft windows_me (:second_edition)
- Microsoft windows_xp (:64-bit)
- Microsoft windows_xp (:embedded)
- Microsoft windows_xp (gold)
- Microsoft windows_xp (gold:professional)
- Microsoft windows_xp (:home)
- Microsoft windows_xp (:media_center)
- Microsoft windows_xp (sp1)
- Microsoft windows_xp (sp1:64-bit)
- Microsoft windows_xp (sp1:embedded)
- Microsoft windows_xp (sp1:home)
- Microsoft windows_xp (sp1:media_center)
- Microsoft windows_xp (sp1:tablet_pc)
- Microsoft windows_xp (sp2)
- Microsoft windows_xp (sp2:home)
- Microsoft windows_xp (sp2:media_center)
- Microsoft windows_xp (sp2:tablet_pc)
References
- BugTraq: 13944
- CVE: CVE-2005-1212