<< Back
CVE Number Vulnerability Product Severity Date
MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) Step-by-Step Interactive Critical 14-02-2007

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists in Step-by-Step Interactive Training because of the way that Step-by-Step Interactive Training handles bookmark link files.
Detailed Information on the risk:
An attacker could exploit the vulnerability by constructing a specially crafted bookmark link file that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.Further information on this exploit is available at : MS07-005

Affected Software

Step-by-Step Interactive Training when installed on Microsoft Windows 2000 Service Pack 4
Step-by-Step Interactive Training when installed on Microsoft Windows XP Service Pack 2
Step-by-Step Interactive Training when installed on Microsoft Windows XP Professional x64 Edition
Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 and Microsoft Windows Server2003 Service Pack 1
Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Step-by-Step Interactive Training when installed on Microsoft Windows Server 2003 x64 Edition