ID CVE-2006-1313
Summary Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2012-12-31T04:00:05.397-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nate Przybyszewski
      organization The MITRE Corporation
    • name Chandan S
      organization SecPod Technologies
    description Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:1067
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft JScript Memory Corruption Vulnerability
    version 67
  • accepted 2007-03-21T16:16:57.859-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Nate Przybyszewski
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:1644
    status deprecated
    submitted 2006-06-14T09:55:00.000-04:00
    title DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K)
    version 67
  • accepted 2007-03-21T16:17:03.450-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Nate Przybyszewski
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:1785
    status deprecated
    submitted 2006-06-14T09:55:00.000-04:00
    title DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K w/ JScript 5.6)
    version 67
  • accepted 2006-10-24T09:15:47.362-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Nate Przybyszewski
      organization The MITRE Corporation
    description Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    family windows
    id oval:org.mitre.oval:def:2003
    status deprecated
    submitted 2006-06-14T09:55:00.000-04:00
    title DEPRECATED: Microsoft JScript Memory Corruption Vulnerability (WinXP)
    version 64
refmap via4
bid 18359
cert TA06-164A
cert-vn VU#390044
ms MS06-023
osvdb 26434
sectrack 1016283
secunia 20620
vupen ADV-2006-2321
xf ms-jscript-code-execution(26805)
Last major update 30-04-2019 - 14:27
Published 13-06-2006 - 19:06
Back to Top