Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microsoft
  • Windows 2000
  • Windows 2003 Server
  • Windows 98
  • Windows 98se
  • Windows Me
  • Windows Xp

Configuration 1 [-]

OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

No data.

References
Link Providers
http://secunia.com/advisories/20620 cve-icon cve-icon
http://securitytracker.com/id?1016283 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/390044 cve-icon cve-icon
http://www.osvdb.org/26434 cve-icon cve-icon
http://www.securityfocus.com/bid/18359 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA06-164A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/2321 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-023 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/26805 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1067 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1644 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1785 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2003 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2006-06-13T19:00:00

Updated: 2024-08-07T17:03:29.012Z

Reserved: 2006-03-20T00:00:00

Link: CVE-2006-1313

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-06-13T19:06:00.000

Modified: 2019-04-30T14:27:13.913

Link: CVE-2006-1313

cve-icon Redhat

No data.