cvelistv5 - CVE-2006-1313

CVE-2006-1313 (GCVE-0-2006-1313)

Vulnerability from cvelistv5 – Published: 2006-06-13 19:00 – Updated: 2024-08-07 17:03

Summary

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://securitytracker.com/id?1016283	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/2321	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/390044	third-party-advisoryx_refsource_CERT-VN
	http://www.osvdb.org/26434	vdb-entryx_refsource_OSVDB
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/18359	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/20620	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:29.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:1785",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
          },
          {
            "name": "oval:org.mitre.oval:def:1644",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
          },
          {
            "name": "1016283",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016283"
          },
          {
            "name": "ms-jscript-code-execution(26805)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
          },
          {
            "name": "ADV-2006-2321",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2321"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1067",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
          },
          {
            "name": "VU#390044",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/390044"
          },
          {
            "name": "26434",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26434"
          },
          {
            "name": "MS06-023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
          },
          {
            "name": "18359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18359"
          },
          {
            "name": "oval:org.mitre.oval:def:2003",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
          },
          {
            "name": "20620",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:1785",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
        },
        {
          "name": "oval:org.mitre.oval:def:1644",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
        },
        {
          "name": "1016283",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016283"
        },
        {
          "name": "ms-jscript-code-execution(26805)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
        },
        {
          "name": "ADV-2006-2321",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2321"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1067",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
        },
        {
          "name": "VU#390044",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/390044"
        },
        {
          "name": "26434",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26434"
        },
        {
          "name": "MS06-023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
        },
        {
          "name": "18359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18359"
        },
        {
          "name": "oval:org.mitre.oval:def:2003",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
        },
        {
          "name": "20620",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:1785",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
            },
            {
              "name": "oval:org.mitre.oval:def:1644",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
            },
            {
              "name": "1016283",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016283"
            },
            {
              "name": "ms-jscript-code-execution(26805)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
            },
            {
              "name": "ADV-2006-2321",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2321"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1067",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
            },
            {
              "name": "VU#390044",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/390044"
            },
            {
              "name": "26434",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26434"
            },
            {
              "name": "MS06-023",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
            },
            {
              "name": "18359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18359"
            },
            {
              "name": "oval:org.mitre.oval:def:2003",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
            },
            {
              "name": "20620",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-1313",
    "datePublished": "2006-06-13T19:00:00",
    "dateReserved": "2006-03-20T00:00:00",
    "dateUpdated": "2024-08-07T17:03:29.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"294EBA01-147B-4DA0-937E-ACBB655EDE53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8B7346-F2AA-434C-A048-7463EC1BB117\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE1A6107-DE00-4A1C-87FC-9E4015165B5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"480D8321-EB2F-4626-A16B-F3C2B771EDB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F633513-6E9A-4F2D-964A-6AFDE5307AD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ED8947F-2490-41CA-A7B3-2C93D69C3F8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B127407D-AE50-4AFE-A780-D85B5AF44A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6E3EB90-92C9-4B69-B58C-087D382DC579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3AF27C8-C2FA-477D-8332-B96277530B4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"34ACB544-87DD-4D9A-99F0-A10F48C1EE05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"4E9E190B-A109-4177-A5B5-7BD32573762E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B5F54BB-A80E-42F2-A700-82C1240E23D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B518E945-5FDE-4A37-878D-6946653C91F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3B703C-79B2-4FA2-9E12-713AB977A880\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA733AD2-D948-46A0-A063-D29081A56F1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"91D6D065-A28D-49DA-B7F4-38421FF86498\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*\", \"matchCriteriaId\": \"BC176BB0-1655-4BEA-A841-C4158167CC9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"403945FA-8676-4D98-B903-48452B46F48F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*\", \"matchCriteriaId\": \"4BF263CB-4239-4DB0-867C-9069ED02CAD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*\", \"matchCriteriaId\": \"49693FA0-BF34-438B-AFF2-75ACC8A6D2E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"6A05337E-18A5-4939-85A0-69583D9B5AD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*\", \"matchCriteriaId\": \"E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\", \"matchCriteriaId\": \"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \\\"release objects early\\\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.\"}]",
      "id": "CVE-2006-1313",
      "lastModified": "2024-11-21T00:08:33.683",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-06-13T19:06:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/20620\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016283\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/390044\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26434\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/18359\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2321\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26805\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/20620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/390044\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18359\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/26805\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1313\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-06-13T19:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \\\"release objects early\\\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"294EBA01-147B-4DA0-937E-ACBB655EDE53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8B7346-F2AA-434C-A048-7463EC1BB117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1A6107-DE00-4A1C-87FC-9E4015165B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480D8321-EB2F-4626-A16B-F3C2B771EDB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F633513-6E9A-4F2D-964A-6AFDE5307AD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED8947F-2490-41CA-A7B3-2C93D69C3F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B127407D-AE50-4AFE-A780-D85B5AF44A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E3EB90-92C9-4B69-B58C-087D382DC579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AF27C8-C2FA-477D-8332-B96277530B4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"34ACB544-87DD-4D9A-99F0-A10F48C1EE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"4E9E190B-A109-4177-A5B5-7BD32573762E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B5F54BB-A80E-42F2-A700-82C1240E23D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B518E945-5FDE-4A37-878D-6946653C91F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3B703C-79B2-4FA2-9E12-713AB977A880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA733AD2-D948-46A0-A063-D29081A56F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*\",\"matchCriteriaId\":\"BC176BB0-1655-4BEA-A841-C4158167CC9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"403945FA-8676-4D98-B903-48452B46F48F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*\",\"matchCriteriaId\":\"4BF263CB-4239-4DB0-867C-9069ED02CAD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*\",\"matchCriteriaId\":\"49693FA0-BF34-438B-AFF2-75ACC8A6D2E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"6A05337E-18A5-4939-85A0-69583D9B5AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*\",\"matchCriteriaId\":\"E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20620\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016283\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/390044\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26434\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/18359\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2321\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26805\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/20620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/390044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26805\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-X5CF-H7C6-P7F8

Vulnerability from github – Published: 2022-05-01 06:48 – Updated: 2022-05-01 06:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1313"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-13T19:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.",
  "id": "GHSA-x5cf-h7c6-p7f8",
  "modified": "2022-05-01T06:48:04Z",
  "published": "2022-05-01T06:48:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1313"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20620"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016283"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/390044"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26434"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18359"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2321"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-241

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité dans Microsoft JScript permet à un utilisateur mal intentionné de réaliser un déni de service ou d'exécuter du code arbitraire à distance sur la plate-forme vulnérable au moyen d'un script JScript malicieusement construit. L'exploitation de cette vulnérabilité peut se faire au moyen d'un message électronique ou un site Internet malicieux.

Contournement provisoire

Désactiver le Active Scripting. Pour cela, dans l'onglet Sécurité des options Microsoft Internet Explorer, cliquer sur le bouton Personnaliser le niveau..., puis dans la section Script et Active Scripting, cocher Désactiver ;
modifier la liste des contrôles d'accès (ACL) à la bibliothèque partagée jscript.dll. Pour cela, taper la commande echo y|cacls %windir%/system32/jscript.dll /d everyone puis relancer le navigateur ;
utiliser un navigateur alternatif ;
ne naviguer que sur des sites Internet de confiance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les plates-formes suivantes sont affectées par la vulnérabilité :

Microsoft Windows 2000 SP4 ;
Microsoft Windows XP SP1, SP2 et x64 Edition ;
Microsoft Windows XP x64 Edition ;
Microsoft Windows 2003 Server sans et avec SP1 ;
Microsoft Windows 2003 Server sans et avec SP1 pour processeurs Itanium ;
Microsoft Windows 2003 Server x64 Edition ;
Microsoft Windows 98, 98SE et Me ;

Les composants suivants sont affectés par la vulnérabilité :

Microsoft JScript 5.1 sous Microsoft Windows 2000 SP4 ;
Microsoft JScript 5.5 sous Microsoft Windows 2000 SP4 ;
Microsoft JScript 5.6 sous Microsoft Windows XP SP1 et SP2 ;
Microsoft JScript 5.6 sous Microsoft Windows XP x64 Edition ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 sans et avec SP1 ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 sans et avec SP1 pour processeurs Itanium ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 x64 Edition ;
Microsoft JScript 5.6 sous Microsoft Windows 98, 98SE et Me.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-023 du 13 juin 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes plates-formes suivantes sont  affect\u00e9es par la vuln\u00e9rabilit\u00e9 :  \u003cUL\u003e    \u003cLI\u003eMicrosoft Windows 2000 SP4 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP SP1, SP2 et x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server sans et avec SP1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server sans et avec SP1 pour    processeurs Itanium ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 98, 98SE et Me ;\u003c/LI\u003e  \u003c/UL\u003eLes composants suivants sont affect\u00e9s par la vuln\u00e9rabilit\u00e9 :  \u003cUL\u003e    \u003cLI\u003eMicrosoft JScript 5.1 sous Microsoft Windows 2000 SP4    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.5 sous Microsoft Windows 2000 SP4    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows XP SP1 et SP2    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows XP x64 Edition    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 sans et    avec SP1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 sans et    avec SP1 pour processeurs Itanium ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 x64    Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 98, 98SE et    Me.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans Microsoft JScript permet \u00e0 un utilisateur mal\nintentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur la plate-forme vuln\u00e9rable au moyen d\u0027un script\nJScript malicieusement construit. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\npeut se faire au moyen d\u0027un message \u00e9lectronique ou un site Internet\nmalicieux.\n\n## Contournement provisoire\n\n-   D\u00e9sactiver le Active Scripting. Pour cela, dans l\u0027onglet S\u00e9curit\u00e9\n    des options Microsoft Internet Explorer, cliquer sur le bouton\n    Personnaliser le niveau..., puis dans la section Script et Active\n    Scripting, cocher D\u00e9sactiver ;\n-   modifier la liste des contr\u00f4les d\u0027acc\u00e8s (ACL) \u00e0 la biblioth\u00e8que\n    partag\u00e9e jscript.dll. Pour cela, taper la commande echo y\\|cacls\n    %windir%/system32/jscript.dll /d everyone puis relancer le\n    navigateur ;\n-   utiliser un navigateur alternatif ;\n-   ne naviguer que sur des sites Internet de confiance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1313"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-241",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft JScript",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-023 du 13 juin 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx"
    }
  ]
}

CERTA-2006-AVI-241

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Contournement provisoire

Désactiver le Active Scripting. Pour cela, dans l'onglet Sécurité des options Microsoft Internet Explorer, cliquer sur le bouton Personnaliser le niveau..., puis dans la section Script et Active Scripting, cocher Désactiver ;
modifier la liste des contrôles d'accès (ACL) à la bibliothèque partagée jscript.dll. Pour cela, taper la commande echo y|cacls %windir%/system32/jscript.dll /d everyone puis relancer le navigateur ;
utiliser un navigateur alternatif ;
ne naviguer que sur des sites Internet de confiance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les plates-formes suivantes sont affectées par la vulnérabilité :

Microsoft Windows 2000 SP4 ;
Microsoft Windows XP SP1, SP2 et x64 Edition ;
Microsoft Windows XP x64 Edition ;
Microsoft Windows 2003 Server sans et avec SP1 ;
Microsoft Windows 2003 Server sans et avec SP1 pour processeurs Itanium ;
Microsoft Windows 2003 Server x64 Edition ;
Microsoft Windows 98, 98SE et Me ;

Les composants suivants sont affectés par la vulnérabilité :

Microsoft JScript 5.1 sous Microsoft Windows 2000 SP4 ;
Microsoft JScript 5.5 sous Microsoft Windows 2000 SP4 ;
Microsoft JScript 5.6 sous Microsoft Windows XP SP1 et SP2 ;
Microsoft JScript 5.6 sous Microsoft Windows XP x64 Edition ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 sans et avec SP1 ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 sans et avec SP1 pour processeurs Itanium ;
Microsoft JScript 5.6 sous Microsoft Windows 2003 x64 Edition ;
Microsoft JScript 5.6 sous Microsoft Windows 98, 98SE et Me.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-023 du 13 juin 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes plates-formes suivantes sont  affect\u00e9es par la vuln\u00e9rabilit\u00e9 :  \u003cUL\u003e    \u003cLI\u003eMicrosoft Windows 2000 SP4 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP SP1, SP2 et x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows XP x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server sans et avec SP1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server sans et avec SP1 pour    processeurs Itanium ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 2003 Server x64 Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Windows 98, 98SE et Me ;\u003c/LI\u003e  \u003c/UL\u003eLes composants suivants sont affect\u00e9s par la vuln\u00e9rabilit\u00e9 :  \u003cUL\u003e    \u003cLI\u003eMicrosoft JScript 5.1 sous Microsoft Windows 2000 SP4    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.5 sous Microsoft Windows 2000 SP4    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows XP SP1 et SP2    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows XP x64 Edition    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 sans et    avec SP1 ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 sans et    avec SP1 pour processeurs Itanium ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 2003 x64    Edition ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft JScript 5.6 sous Microsoft Windows 98, 98SE et    Me.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans Microsoft JScript permet \u00e0 un utilisateur mal\nintentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur la plate-forme vuln\u00e9rable au moyen d\u0027un script\nJScript malicieusement construit. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\npeut se faire au moyen d\u0027un message \u00e9lectronique ou un site Internet\nmalicieux.\n\n## Contournement provisoire\n\n-   D\u00e9sactiver le Active Scripting. Pour cela, dans l\u0027onglet S\u00e9curit\u00e9\n    des options Microsoft Internet Explorer, cliquer sur le bouton\n    Personnaliser le niveau..., puis dans la section Script et Active\n    Scripting, cocher D\u00e9sactiver ;\n-   modifier la liste des contr\u00f4les d\u0027acc\u00e8s (ACL) \u00e0 la biblioth\u00e8que\n    partag\u00e9e jscript.dll. Pour cela, taper la commande echo y\\|cacls\n    %windir%/system32/jscript.dll /d everyone puis relancer le\n    navigateur ;\n-   utiliser un navigateur alternatif ;\n-   ne naviguer que sur des sites Internet de confiance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1313"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-241",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft JScript",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-023 du 13 juin 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx"
    }
  ]
}

FKIE_CVE-2006-1313

Vulnerability from fkie_nvd - Published: 2006-06-13 19:06 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/20620	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016283
secure@microsoft.com	http://www.kb.cert.org/vuls/id/390044	US Government Resource
secure@microsoft.com	http://www.osvdb.org/26434
secure@microsoft.com	http://www.securityfocus.com/bid/18359	Patch
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/2321
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/26805
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20620	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016283
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/390044	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26434
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18359	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2321
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26805
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2003_server	datacenter_edition
microsoft	windows_2003_server	datacenter_edition
microsoft	windows_2003_server	datacenter_edition_64-bit
microsoft	windows_2003_server	datacenter_edition_64-bit
microsoft	windows_2003_server	enterprise_64-bit
microsoft	windows_2003_server	enterprise_edition
microsoft	windows_2003_server	enterprise_edition_64-bit
microsoft	windows_2003_server	enterprise_edition_64-bit
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard_64-bit
microsoft	windows_2003_server	web
microsoft	windows_2003_server	web
microsoft	windows_98	*
microsoft	windows_98se	*
microsoft	windows_me	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
              "matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F633513-6E9A-4F2D-964A-6AFDE5307AD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4ED8947F-2490-41CA-A7B3-2C93D69C3F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E6E3EB90-92C9-4B69-B58C-087D382DC579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AF27C8-C2FA-477D-8332-B96277530B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BB1CE6C6-6E6E-4C4E-A7B1-DC6651864298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
              "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4E9E190B-A109-4177-A5B5-7BD32573762E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
              "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
              "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
              "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
              "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
              "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
              "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
              "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
              "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
    }
  ],
  "id": "CVE-2006-1313",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-13T19:06:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20620"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1016283"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/390044"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/26434"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18359"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/2321"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/390044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-1313

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1313

Aliases

CVE-2006-1313

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1313",
    "description": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.",
    "id": "GSD-2006-1313"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1313"
      ],
      "details": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.",
      "id": "GSD-2006-1313",
      "modified": "2023-12-13T01:19:55.367147Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-1313",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:1785",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
          },
          {
            "name": "oval:org.mitre.oval:def:1644",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
          },
          {
            "name": "1016283",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016283"
          },
          {
            "name": "ms-jscript-code-execution(26805)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
          },
          {
            "name": "ADV-2006-2321",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2321"
          },
          {
            "name": "TA06-164A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1067",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
          },
          {
            "name": "VU#390044",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/390044"
          },
          {
            "name": "26434",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26434"
          },
          {
            "name": "MS06-023",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
          },
          {
            "name": "18359",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18359"
          },
          {
            "name": "oval:org.mitre.oval:def:2003",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
          },
          {
            "name": "20620",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20620"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1313"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will \"release objects early\" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#390044",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/390044"
            },
            {
              "name": "18359",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/18359"
            },
            {
              "name": "20620",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20620"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "1016283",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016283"
            },
            {
              "name": "26434",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26434"
            },
            {
              "name": "ADV-2006-2321",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2321"
            },
            {
              "name": "ms-jscript-code-execution(26805)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26805"
            },
            {
              "name": "oval:org.mitre.oval:def:2003",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003"
            },
            {
              "name": "oval:org.mitre.oval:def:1785",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785"
            },
            {
              "name": "oval:org.mitre.oval:def:1644",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644"
            },
            {
              "name": "oval:org.mitre.oval:def:1067",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067"
            },
            {
              "name": "MS06-023",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-04-30T14:27Z",
      "publishedDate": "2006-06-13T19:06Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1313 (GCVE-0-2006-1313)

GHSA-X5CF-H7C6-P7F8

CERTA-2006-AVI-241

Description

Contournement provisoire

Solution

CERTA-2006-AVI-241

Description

Contournement provisoire

Solution

FKIE_CVE-2006-1313

GSD-2006-1313

Tags

Sightings

Nomenclature