SecurityTracker.com Archives - Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > Microsoft JScript

Vendors: Microsoft

Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1016283

SecurityTracker URL: http://securitytracker.com/id?1016283

CVE Reference: CVE-2006-1313 (Links to External Site)

Date: Jun 13 2006

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: Microsoft Security Bulletin

Version(s): 5.1, 5.5, 5.6

Description: A vulnerability was reported in Microsoft JScript. A remote user can cause arbitrary code to be executed on the target user's system.

Microsoft JScript may release objects early, resulting in memory corruption errors. A remote user can create a specially crafted JScript that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user. This can be exploited via web pages and HTML-based e-mail.

Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2 3E79ABD-B1FE-4734-B3D3-FB53D286C06F

Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?Fam ilyId=16DD21A1-C4EE-4ECA-8B80-7BD1DFEFB4F8

Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D28C02BE-CAC3-4579-9B93-939FD5D3CDE6

Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2EE3DD28-7167-4A2C-941D-A236F8CC5C4B

Microsof t JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8963AE25-2230 -47FE-AECE-49D7457D96D4

Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7764C7DC-A7E4-4B91-95C2-EF7D4DCE0A00

Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BCF7AB2E-EE1C-45F9-8B1C-4B1CEF683082

A restart may be required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-023.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms06-023.mspx (Links to External Site)

Cause: State error

Underlying OS: Windows (98), Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Tue, 13 Jun 2006 11:10:56 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms06-023.mspx

 
 
http://www.microsoft.com/technet/security/bulletin/ms06-023.mspx

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2006, SecurityGlobal.net LLC