Vulnerabilities > CVE-2006-1313 - Unspecified vulnerability in Microsoft products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
microsoft
nessus
NVD
Published: 2006-06-13
Updated: 2019-04-30

Summary

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
OS
Microsoft
32

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS06-023.NASL
descriptionThe remote host is running a version of Windows that contains a flaw in JScript. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious JScript and enticing a victim to visit a website or view a specially crafted email message.
last seen2020-06-01
modified2020-06-02
plugin id21687
published2006-06-13
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21687
titleMS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
code
#
# Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(21687);
 script_version("1.33");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2006-1313");
 script_bugtraq_id(18359);
 script_xref(name:"CERT", value:"390044");
 script_xref(name:"MSFT", value:"MS06-023");
 script_xref(name:"MSKB", value:"917344");

 script_name(english:"MS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)");
 script_summary(english:"Determines the presence of update 917344");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web or
email client.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Windows that contains a flaw
in JScript.

An attacker may be able to execute arbitrary code on the remote host
by constructing a malicious JScript and enticing a victim to visit a
website or view a specially crafted email message.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-023");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-023';
kb = '917344';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Jscript.dll", version:"5.6.0.8831", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.2", sp:1, file:"Jscript.dll", version:"5.6.0.8831", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:1, file:"Jscript.dll", version:"5.6.0.8831", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:2, file:"Jscript.dll", version:"5.6.0.8831", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.0", file:"Jscript.dll", version:"5.6.0.8831", min_version:"5.6.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.0", file:"Jscript.dll", version:"5.1.0.12512", dir:"\system32", bulletin:bulletin, kb:kb) )
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

  • accepted2012-12-31T04:00:05.397-05:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameNate Przybyszewski
      organizationThe MITRE Corporation
    • nameChandan S
      organizationSecPod Technologies
    descriptionMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:1067
    statusaccepted
    submitted2006-06-14T09:55:00.000-04:00
    titleMicrosoft JScript Memory Corruption Vulnerability
    version68
  • accepted2007-03-21T16:16:57.859-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameAnna Min
      organizationBigFix, Inc
    • nameNate Przybyszewski
      organizationThe MITRE Corporation
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:1644
    statusdeprecated
    submitted2006-06-14T09:55:00.000-04:00
    titleDEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K)
    version68
  • accepted2007-03-21T16:17:03.450-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameAnna Min
      organizationBigFix, Inc
    • nameNate Przybyszewski
      organizationThe MITRE Corporation
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:1785
    statusdeprecated
    submitted2006-06-14T09:55:00.000-04:00
    titleDEPRECATED: Microsoft JScript Memory Corruption Vulnerability (Win2K w/ JScript 5.6)
    version68
  • accepted2006-10-24T09:15:47.362-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameNate Przybyszewski
      organizationThe MITRE Corporation
    descriptionMicrosoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
    familywindows
    idoval:org.mitre.oval:def:2003
    statusdeprecated
    submitted2006-06-14T09:55:00.000-04:00
    titleDEPRECATED: Microsoft JScript Memory Corruption Vulnerability (WinXP)
    version65

References