CVE-2006-3448
CVSS 9.3
Published: 2007-02-13 15:28:00
Last revised: 2011-06-13 00:00:00

[Original] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.


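[CNNVD] Microsoft Windows Step-by-Step Interactive Training Buffer Overflow Vulnerability (CNNVD-200702-251)

        A buffer overflow exists in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1. A remote attacker can execute arbitrary code via crafted bookmark link files (cbo, cbl, or .cbm). This vulnerability is different from CVE-2005-1212.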

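- CVSS (Base Score)

CVSS score: 9.3 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]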

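- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:162 Interactive Training Vulnerability
oval:gov.nist.fdcc.patch:def:267 MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
oval:gov.nist.USGCB.patch:def:267 MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
* OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the relevant OVAL definitions.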

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3448
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3448
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200702-251
(Official data source) CNNVD

- Other Links and Resources

http://www.us-cert.gov/cas/techalerts/TA07-044A.html
(UNKNOWN)  CERT  TA07-044A
http://www.kb.cert.org/vuls/id/466873
(UNKNOWN)  CERT-VN  VU#466873
http://www.microsoft.com/technet/security/Bulletin/MS07-005.mspx
(VENDOR_ADVISORY)  MS  MS07-005
http://xforce.iss.net/xforce/xfdb/30596
(UNKNOWN)  XF  ms-stepbystep-bookmark-bo(30596)
http://www.vupen.com/english/advisories/2007/0574
(VENDOR_ADVISORY)  VUPEN  ADV-2007-0574
http://www.securitytracker.com/id?1017632
(UNKNOWN)  SECTRACK  1017632
http://www.securityfocus.com/bid/22484
(UNKNOWN)  BID  22484
http://www.securityfocus.com/archive/1/archive/1/460009/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070213 MS Interactive Training .cbo Overflow
http://www.osvdb.org/31883
(UNKNOWN)  OSVDB  31883
http://secunia.com/advisories/24121
(VENDOR_ADVISORY)  SECUNIA  24121

- Vulnerability Information

Microsoft Windows Step-by-Step Interactive Training Buffer Overflow Vulnerability
High risk  Buffer overflow
2007-02-13 00:00:00 2007-08-03 00:00:00
Remote
        A buffer overflow exists in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1. A remote attacker can execute arbitrary code via crafted bookmark link files (cbo, cbl, or .cbm). This vulnerability is different from CVE-2005-1212.

- Advisories and Patches

        The vendor has released patches to fix this security issue. Patch download links:
        Microsoft Step-By-Step Interactive Training 0
        Microsoft Security Update for Windows (KB923723)
        Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.
        http://www.microsoft.com/downloads/details.aspx?familyid=128c57af-663a-4476-92f5-aab394cfc91a&displaylang=en
        Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB923723)
        Windows Server 2003 for Itanium-based Systems
        http://www.microsoft.com/downloads/details.aspx?familyid=5eeedd28-47a5-4b30-a913-c1150330ecbe&displaylang=en
        Microsoft Security Update for Windows Server 2003 x64 Edition (KB923723)
        Windows Server 2003 x64 Edition
        http://www.microsoft.com/downloads/details.aspx?familyid=2760120e-96b2-42b2-b5df-6322c9385729&displaylang=en
        Microsoft Security Update for Windows XP x64 Edition (KB923723)
        Windows XP x64 Edition
        http://www.microsoft.com/downloads/details.aspx?familyid=e268ffd5-295c-45f7-afd1-60007e791f8c&displaylang=en

- Vulnerability Information

31883
Microsoft Step-by-Step Interactive Training Bookmark
Local Access Required Input Manipulation
Loss of Integrity Patch / RCS
Exploit Commercial Vendor Verified

- Vulnerability Description

A local overflow exists in Step-by-Step Interactive Training. The program fails to validate the Syllabus string when opening .cbo files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2007-02-13 2006-05-01
Unknown 2007-02-13

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Vulnerability Information

Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
Boundary Condition Error 22484
Yes No
2007-02-13 12:00:00 2008-11-25 09:52:00
Brett Moore of Security-Assessment.com is credited with the discovery of this vulnerability.

- Affected Program Versions

Microsoft Step-By-Step Interactive Training 0
HP Storage Management Appliance 2.1
+ HP Storage Management Appliance III
+ HP Storage Management Appliance II
+ HP Storage Management Appliance I

- Discussion

Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has released a security advisory addressing this issue. Please see the references for more information.


Microsoft Step-By-Step Interactive Training 0
