ID CVE-2006-1311
Summary The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-05-28T04:00:05.356-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Clifford Farrugia
    organization GFI Software
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Office 2000 is installed
    oval oval:org.mitre.oval:def:93
  • comment Microsoft Office XP is installed
    oval oval:org.mitre.oval:def:663
  • comment Microsoft Office 2003 is installed
    oval oval:org.mitre.oval:def:233
  • comment Microsoft Project 2000 SR1 is installed
    oval oval:org.mitre.oval:def:518
  • comment Microsoft Project 2002 SP1 is installed
    oval oval:org.mitre.oval:def:707
  • comment Microsoft Office Visio 2002 SP2 is installed
    oval oval:org.mitre.oval:def:692
  • comment Microsoft Word Viewer is installed
    oval oval:org.mitre.oval:def:737
  • comment Microsoft Excel Viewer 2003 is installed
    oval oval:org.mitre.oval:def:439
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
family windows
id oval:org.mitre.oval:def:1090
status accepted
submitted 2007-02-14T09:49:32
title Microsoft RichEdit Vulnerability
version 79
refmap via4
bid 21876
cert TA07-044A
cert-vn VU#368132
osvdb 31886
sectrack
  • 1017640
  • 1017641
secunia 24152
vupen ADV-2007-0582
xf ms-richedit-code-execution(30592)
Last major update 12-10-2018 - 21:39
Published 13-02-2007 - 20:28
Last modified 12-10-2018 - 21:39
Back to Top