Vulnerability Note VU#390044
Microsoft JScript memory corruption vulnerability
Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
According to Microsoft Security Bulletin MS06-023:
Microsoft JScript fails to properly release objects allowing in a memory corruption vulnerability to occur. When a specially crafted JScript file, or specially crafted web page containing JScript is accessed, system memory can be corrupted in a way that could allow a remote attacker to execute arbitrary code.
For more information refer to Microsoft Security Bulletin MS06-023
A remote, unauthenticated attacker may be able to execute arbitrary code. If the attacked user is running with administrative privileges, the attacker could take complete control of an affected system.
Apply a patch from Microsoft
Microsoft addresses this vulnerability with the updates listed in Microsoft Security Bulletin MS06-023.
Disable Active Scripting
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 Jun 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-023.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-1313
- Date Public: 13 Jun 2006
- Date First Published: 13 Jun 2006
- Date Last Updated: 13 Jun 2006
- Severity Metric: 37.94
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.