Info

Disclosure

Jun 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Windows contains a flaw that may allow a malicious user to execute arbitary code. The issue is triggered when JScript releases objects early, leading to memory corruption and may allow an attacker to run arbitary code. It is possible that the flaw may allow arbitary code executiomn resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	98
		98 SE
		ME
		2000 SP4
		XP SP1
		XP SP2
		XP Professional x64 Edition
	Windows Server	2003
		2003 SP1
		2003 for Itanium
		2003 SP1 for Itanium
		2003 x64 Edition

References

Bugtraq ID: 18359
CVE ID: 2006-1313 (see also: NVD)
Secunia Advisory ID: 20620
SCIP VulDB ID: 2307
CERT VU: 390044
Microsoft Knowledge Base Article: 917344
VUPEN Advisory: ADV-2006-2321
Microsoft Security Bulletin: MS06-023

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/26434

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

Windows Server

References

Credit