CVE-2006-3448

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version

Description: The issue is related to a buffer overflow in the Step-by-Step Interactive Training component of Microsoft Windows. This allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files, such as those with .cbo, .cbl, or .cbm extensions.

Recommendations: For Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.