Signature Detail
Short Name |
HTTP:STC:SBS-TRAIN |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Step-by-Step Interactive Training Buffer Overflow |
Release Date |
2007/02/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Step-by-Step Interactive Training Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Step-By-Step Interactive Training. An attacker can create malicious Web pages containing dangerous CBO files with a long Syllabus reference, which if visited, can gain control of a victim's system.
Extended Description
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
Affected Products
- HP Storage Management Appliance 2.1
- Microsoft Step-By-Step Interactive Training
References
- BugTraq: 22484
- CVE: CVE-2006-3448