Vulnerability CVE-2006-1311 - CERT Civis.Net

Vulnerability Name:

CVE-2006-1311 (CCN-30592)

Assigned:

2006-03-20

Published:

2007-02-13

Updated:

2018-10-12

Summary:

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-1311

Source: CCN
Type: SA24152
Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
24152

Source: CCN
Type: SECTRACK ID: 1017640
Microsoft Office OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1017641
Microsoft Windows RichEdit OLE Memory Corruption Error Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2007-087
MS07-013 Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

Source: CCN
Type: US-CERT VU#368132
Microsoft RichEdit vulnerable to remote code execution via malformed embedded OLE object

Source: CERT-VN
Type: US Government Resource
VU#368132

Source: CCN
Type: Microsoft Security Bulletin MS07-013
Vulnerability in Microsoft Rich Edit Could Allow Remote Code Execution (918118)

Source: OSVDB
Type: UNKNOWN
31886

Source: CCN
Type: OSVDB ID: 31886
Microsoft RichEdit OLE Dialog RTF Memory Corruption Remote Code Execution

Source: BID
Type: UNKNOWN
21876

Source: CCN
Type: BID-21876
Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017640

Source: SECTRACK
Type: UNKNOWN
1017641

Source: CERT
Type: US Government Resource
TA07-044A

Source: VUPEN
Type: UNKNOWN
ADV-2007-0582

Source: MS
Type: UNKNOWN
MS07-013

Source: XF
Type: UNKNOWN
ms-richedit-code-execution(30592)

Source: XF
Type: UNKNOWN
ms-richedit-code-execution(30592)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1090

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:*

Configuration 2:

cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:frontpage:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:powerpoint:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:excel:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:excel:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:powerpoint:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:access:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:access:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:frontpage:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:publisher:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:publisher:2002:*:*:*:*:*:*:*

OR cpe:/a:microsoft:visio:2002:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:word:2003:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/a:microsoft:outlook:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:project:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:visio:2003:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:frontpage:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:publisher:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:visio:2002:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:excel:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:powerpoint:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office_infopath:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:onenote:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/a:microsoft:access:2003:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/a:microsoft:word_viewer:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:project:2000:sr1:*:*:*:*:*:*

OR cpe:/a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1090	V	Microsoft RichEdit Vulnerability	2012-05-28