Check Point Advisories

Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)

Check Point Reference: CPAI-2006-074
Date Published: 5 Jul 2006
Severity: High
Last Updated: 15 May 2007
Source: Microsoft Security Bulletin MS06-023
Industry Reference:CVE-2006-1313
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1, SP2 
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description JScript is Microsoft's implementation of the ECMA 262 language specification (ECMAScript Edition 3). Microsoft JScript contains a memory corruption vulnerability. By convincing a user to visit a Web site or read an e-mail message containing a specially crafted JScript file, a remote attacker may be able to take complete control of an affected system.
Update/Patch AvaliableApply patches:
http://www.microsoft.com/technet/security/bulletin/MS06-023.mspx
Vulnerability DetailsThe vulnerability is caused due to memory corruption error in Microsoft JScript when releasing certain objects early. To exploit this vulnerability, an attacker would have to entice a user to open an e-mail message or Web page containing a crafted JScript file.

Protection Overview

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO