Buffer Overflow Vulnerability in Microsoft Step-by-Step Interactive Training
CVE-2005-1212

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows 2000 Terminal Services; Windows Xp; Windows 2000
Vendor: CVE Published:; 14 June 2005

Summary

A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training (onrun32.exe) exposes the application to remote code execution attacks. When a user opens a bookmark link file with an excessively long User field, it may cause the application to overwrite memory space, allowing an attacker to execute arbitrary code on the user’s system. This vulnerability highlights the importance of securing software applications against such buffer overflow exploits, particularly when processing user inputs from potentially unsafe sources.

References

http://www.securityfocus.com/bid/13944

vdb-entryx_refsource_BID

http://idefense.com/application/poi/display?id=262&type=v...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/advisories/15669/

third-party-advisoryx_refsource_SECUNIA

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 14, 2005
Vulnerability Reserved
Apr 22, 2005