CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY NOTES

VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-46
Microsoft Windows JScript Memory Corruption Vulnerability

Original Issue Date: June 14, 2006

Severity Rating: High

Systems Affected

• Microsoft JScript 5.1, 5.6 and 5.5 on Microsoft Windows 2000 Service Pack 4
• Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition
• Microsoft JScript 5.6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft JScript 5.6 on Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition
• Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

Overview

A vulnerability has been reported in Microsoft JScript which could be exploited by remote attackers to execute arbitrary commands.

Description

This vulnerability is caused due to memory corruption error when releasing objects by using Jscript commands. This could be exploited by an attacker by creating maliciously crafted Jscript and hosting the same on a website and enticing a user to visit the same or sending as an email attachment.

Solution

Apply patches as mentioned in Microsoft Security Bulleting MS06-023

Vendor Information

Microsoft :
http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

References

Microsoft :
http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

FrSirt:
http://www.frsirt.com/english/advisories/2006/2321

Security Focus:
http://www.securityfocus.com/bid/18359

Secunia:
http://secunia.com/advisories/20620/

US-CERT:
http://www.kb.cert.org/vuls/id/390044

NVD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1313

CVE Name
CVE-2006-1313

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer