CVE-2005-1212

Current Description

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

Referenced by CVEs:

CVE-2006-3448

Basic Data

Published	June 14, 2005
Last Modified	April 30, 2019
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	7.5
Severity	HIGH
Exploitability Score	10.0
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	true
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Microsoft	Windows 2000	*	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000	*	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000	*	sp2	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000	*	sp3	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000	*	sp4	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000	*	sp4	*	fr	*	*	*	*
2.3	OS	Microsoft	Windows 2000 Terminal Services	*	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000 Terminal Services	*	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000 Terminal Services	*	sp2	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2000 Terminal Services	*	sp3	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	64-bit	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	datacenter_64-bit	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	datacenter_64-bit	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise	*	64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise_64-bit	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise_64-bit	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	enterprise_64-bit	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	r2	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	r2	*	64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	r2	*	datacenter_64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	r2	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	r2	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	standard	*	64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	standard	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	standard	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	standard_64-bit	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	web	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	web	sp1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 2003 Server	web	sp1_beta_1	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 98	*	gold	*	*	*	*	*	*
2.3	OS	Microsoft	Windows 98se	*	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows Me	*	*	*	*	*	*	*	*
2.3	OS	Microsoft	Windows Me	*	*	second_edition	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	*	64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	*	embedded	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	*	home	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	*	media_center	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	gold	*	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	gold	professional	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp1	64-bit	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp1	embedded	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp1	home	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp1	media_center	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp1	tablet_pc	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp2	home	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp2	media_center	*	*	*	*	*
2.3	OS	Microsoft	Windows Xp	*	sp2	tablet_pc	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Microsoft	Windows Xp	*
Microsoft	Windows 98	*
Microsoft	Windows 2000	*
Microsoft	Windows 2003 Server	64-bit, datacenter_64-bit, enterprise, enterprise_64-bit, r2, standard, standard_64-bit, web
Microsoft	Windows 2000 Terminal Services	*
Microsoft	Windows 98se	*
Microsoft	Windows Me	*

References

Name	Source	URL	Tags
20050614 Microsoft Windows Interactive Training Buffer Overflow Vulnerability	http://idefense.com/application/poi/display?id=262&type=vulnerabilities&flashstatus=true	IDEFENSE	Patch Vendor Advisory
15669	http://secunia.com/advisories/15669/	SECUNIA	Patch Vendor Advisory
1014194	http://securitytracker.com/id?1014194	SECTRACK
13944	http://www.securityfocus.com/bid/13944	BID
MS05-031	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-031	MS
oval:org.mitre.oval:def:1224	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1224	OVAL