Vulnerabilities > CVE-2006-1311 - Remote Code Execution vulnerability in Microsoft Office And Microsoft Windows RichEdit Component

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
critical
nessus

Summary

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS07-013.NASL
descriptionThe remote host contains a version of Microsoft Windows and/or Microsoft Office that has a vulnerability in the RichEdit component that could be abused by an attacker to execute arbitrary code on the remote host. To exploit this vulnerability, an attacker would need to spend a specially crafted RTF file to a user on the remote host and lure him into opening it.
last seen2020-06-01
modified2020-06-02
plugin id24337
published2007-02-13
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24337
titleMS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

Oval

accepted2012-05-28T04:00:05.356-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameClifford Farrugia
    organizationGFI Software
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
  • commentMicrosoft Office 2000 is installed
    ovaloval:org.mitre.oval:def:93
  • commentMicrosoft Office XP is installed
    ovaloval:org.mitre.oval:def:663
  • commentMicrosoft Office 2003 is installed
    ovaloval:org.mitre.oval:def:233
  • commentMicrosoft Project 2000 SR1 is installed
    ovaloval:org.mitre.oval:def:518
  • commentMicrosoft Project 2002 SP1 is installed
    ovaloval:org.mitre.oval:def:707
  • commentMicrosoft Office Visio 2002 SP2 is installed
    ovaloval:org.mitre.oval:def:692
  • commentMicrosoft Word Viewer is installed
    ovaloval:org.mitre.oval:def:737
  • commentMicrosoft Excel Viewer 2003 is installed
    ovaloval:org.mitre.oval:def:439
  • commentMicrosoft Windows 2000 SP4 or later is installed
    ovaloval:org.mitre.oval:def:229
  • commentMicrosoft Windows XP SP2 or later is installed
    ovaloval:org.mitre.oval:def:521
  • commentMicrosoft Windows XP SP1 (64-bit) is installed
    ovaloval:org.mitre.oval:def:480
  • commentMicrosoft Windows Server 2003 (x86) Gold is installed
    ovaloval:org.mitre.oval:def:165
  • commentMicrosoft Windows Server 2003 SP1 (x86) is installed
    ovaloval:org.mitre.oval:def:565
descriptionThe RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
familywindows
idoval:org.mitre.oval:def:1090
statusaccepted
submitted2007-02-14T09:49:32
titleMicrosoft RichEdit Vulnerability
version76