Vulnerability CVE-2006-1313 - CERT Civis.Net

Vulnerability Name:

CVE-2006-1313 (CCN-26805)

Assigned:

2006-06-13

Published:

2006-06-13

Updated:

2019-04-30

Summary:

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2006-1313

Source: CCN
Type: SA20620
Microsoft JScript Memory Corruption Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
20620

Source: CCN
Type: SECTRACK ID: 1016283
Microsoft JScript Memory Corruption Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016283

Source: CCN
Type: ASA-2006-126
Windows Security Updates for June 2006 - (MS06-021 - MS06-032)

Source: CCN
Type: Microsoft Security Bulletin MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)

Source: CCN
Type: US-CERT VU#390044
Microsoft JScript memory corruption vulnerability

Source: CERT-VN
Type: US Government Resource
VU#390044

Source: CCN
Type: Microsoft Security Bulletin MS06-023
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

Source: CCN
Type: Microsoft Security Bulletin MS08-022
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)

Source: CCN
Type: Microsoft Security Bulletin MS09-045
Vulnerability in JScript Scripting Engines Could Allow Remote Code Execution (971961)

Source: CCN
Type: Microsoft Security Bulletin MS11-031
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

Source: OSVDB
Type: UNKNOWN
26434

Source: CCN
Type: OSVDB ID: 26434
Microsoft JScript Object Release Memory Corruption

Source: BID
Type: Patch
18359

Source: CCN
Type: BID-18359
Microsoft JScript Memory Corruption Vulnerability

Source: CERT
Type: US Government Resource
TA06-164A

Source: VUPEN
Type: UNKNOWN
ADV-2006-2321

Source: MS
Type: UNKNOWN
MS06-023

Source: XF
Type: UNKNOWN
ms-jscript-code-execution(26805)

Source: XF
Type: UNKNOWN
ms-jscript-code-execution(26805)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1067

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1644

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1785

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2003

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:jscript:5.6:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1067	V	Microsoft JScript Memory Corruption Vulnerability	2012-12-31