Check Point Advisories

Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

Check Point Reference: CPAI-2006-074
Date Published: 5 Jul 2006
Severity: High
Last Updated: Tuesday 15 May, 2007
Source: Microsoft Security Bulletin MS06-023
Industry Reference:CVE-2006-1313
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1, SP2 
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description JScript is Microsoft's implementation of the ECMA 262 language specification (ECMAScript Edition 3). Microsoft JScript contains a memory corruption vulnerability. By convincing a user to visit a Web site or read an e-mail message containing a specially crafted JScript file, a remote attacker may be able to take complete control of an affected system.
Update/Patch AvaliableApply patches:
http://www.microsoft.com/technet/security/bulletin/MS06-023.mspx
Vulnerability DetailsThe vulnerability is caused due to memory corruption error in Microsoft JScript when releasing certain objects early. To exploit this vulnerability, an attacker would have to entice a user to open an e-mail message or Web page containing a crafted JScript file.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK