Vulnerabilites related to microsoft - learning_essentials
cve-2006-1311
Vulnerability from cvelistv5
Published
2007-02-13 20:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/0582 | vdb-entry, x_refsource_VUPEN | |
| http://www.osvdb.org/31886 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1017640 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/368132 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id?1017641 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/21876 | vdb-entry, x_refsource_BID | |
| http://www.us-cert.gov/cas/techalerts/TA07-044A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013 | vendor-advisory, x_refsource_MS | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30592 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/24152 | third-party-advisory, x_refsource_SECUNIA | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:03:29.100Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2007-0582", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0582", }, { name: "31886", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/31886", }, { name: "1017640", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1017640", }, { name: "VU#368132", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/368132", }, { name: "1017641", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1017641", }, { name: "21876", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21876", }, { name: "TA07-044A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-044A.html", }, { name: "MS07-013", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013", }, { name: "ms-richedit-code-execution(30592)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592", }, { name: "24152", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24152", }, { name: "oval:org.mitre.oval:def:1090", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-02-13T00:00:00", descriptions: [ { lang: "en", value: "The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "ADV-2007-0582", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0582", }, { name: "31886", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/31886", }, { name: "1017640", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1017640", }, { name: "VU#368132", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/368132", }, { name: "1017641", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1017641", }, { name: "21876", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21876", }, { name: "TA07-044A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-044A.html", }, { name: "MS07-013", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013", }, { name: "ms-richedit-code-execution(30592)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592", }, { name: "24152", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24152", }, { name: "oval:org.mitre.oval:def:1090", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2006-1311", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2007-0582", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0582", }, { name: "31886", refsource: "OSVDB", url: "http://www.osvdb.org/31886", }, { name: "1017640", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1017640", }, { name: "VU#368132", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/368132", }, { name: "1017641", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1017641", }, { name: "21876", refsource: "BID", url: "http://www.securityfocus.com/bid/21876", }, { name: "TA07-044A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA07-044A.html", }, { name: "MS07-013", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013", }, { name: "ms-richedit-code-execution(30592)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592", }, { name: "24152", refsource: "SECUNIA", url: "http://secunia.com/advisories/24152", }, { name: "oval:org.mitre.oval:def:1090", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2006-1311", datePublished: "2007-02-13T20:00:00", dateReserved: "2006-03-20T00:00:00", dateUpdated: "2024-08-07T17:03:29.100Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2007-02-13 20:28
Modified
2024-11-21 00:08
Severity ?
Summary
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | learning_essentials | 1.0 | |
| microsoft | learning_essentials | 1.1 | |
| microsoft | learning_essentials | 1.5 | |
| microsoft | office | * | |
| microsoft | office | 2000 | |
| microsoft | office | 2003 | |
| microsoft | office | xp | |
| microsoft | windows_2000 | * | |
| microsoft | windows_2003_server | sp1 | |
| microsoft | windows_xp | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*", matchCriteriaId: "556AEEE8-2801-4B4A-AEC1-22BF8FFC7489", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*", matchCriteriaId: "1DE325B7-0EDA-4807-9EA1-BCB4EAD5850D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*", matchCriteriaId: "43C727FE-979A-4B67-B995-F5298C570A83", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", matchCriteriaId: "49AD45BF-8A91-4C87-AF15-D38D8468A4C5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", matchCriteriaId: "4891122F-AD7F-45E6-98C6-833227916F6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", matchCriteriaId: "07D3F3E4-93FB-481A-94D9-075E726697C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", matchCriteriaId: "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", matchCriteriaId: "330B6798-5380-44AD-9B52-DF5955FA832C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", matchCriteriaId: "644E2E89-F3E3-4383-B460-424D724EE62F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", matchCriteriaId: "FB2BE2DE-7B06-47ED-A674-15D45448F357", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.", }, { lang: "es", value: "El componente RichEdit en Microsoft Windows 2000 SP4, XP SP2, y 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, y Office 2004 para Mac; y Learning Essentials para Microsoft Office 1.0, 1.1, y 1.5 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un objeto OLE mal formado en un fichero RTF, lo cual provoca una corrupción de memoria.", }, ], id: "CVE-2006-1311", lastModified: "2024-11-21T00:08:33.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2007-02-13T20:28:00.000", references: [ { source: "secure@microsoft.com", url: "http://secunia.com/advisories/24152", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/368132", }, { source: "secure@microsoft.com", url: "http://www.osvdb.org/31886", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/21876", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id?1017640", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id?1017641", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-044A.html", }, { source: "secure@microsoft.com", url: "http://www.vupen.com/english/advisories/2007/0582", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013", }, { source: "secure@microsoft.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/24152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/368132", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/31886", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/21876", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1017640", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1017641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA07-044A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/0582", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }