TITLE: Microsoft JScript Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA20620
VERIFY ADVISORY: http://secunia.com/advisories/20620/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a memory corruption error in Microsoft JScript when releasing certain objects. This can be exploited to execute arbitrary code when a user views a malicious web site or opens an e-mail message containing specially crafted JScript. SOLUTION: Apply patches: Microsoft Windows 2000 SP4 with JScript 5.1: http://www.microsoft.com/downloads/details.aspx?FamilyId=23E79ABD-B1FE-4734-B3D3-FB53D286C06F Microsoft Windows 2000 SP4 with JScript 5.6 or 5.5: http://www.microsoft.com/downloads/details.aspx?FamilyId=16DD21A1-C4EE-4ECA-8B80-7BD1DFEFB4F8 Microsoft Windows XP SP1 and SP2 with JScript 5.6: http://www.microsoft.com/downloads/details.aspx?FamilyId=D28C02BE-CAC3-4579-9B93-939FD5D3CDE6 Microsoft Windows XP Professional x64 Edition with JScript 5.6: http://www.microsoft.com/downloads/details.aspx?FamilyId=2EE3DD28-7167-4A2C-941D-A236F8CC5C4B Microsoft Windows Server 2003 (with or without SP1) with JScript 5.6: http://www.microsoft.com/downloads/details.aspx?FamilyId=8963AE25-2230-47FE-AECE-49D7457D96D4 Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1) with JScript 5.6: http://www.microsoft.com/downloads/details.aspx?FamilyId=7764C7DC-A7E4-4B91-95C2-EF7D4DCE0A00 Microsoft Windows Server 2003 x64 Edition with JScript 5.6: http://www.microsoft.com/downloads/details.aspx?FamilyId=BCF7AB2E-EE1C-45F9-8B1C-4B1CEF683082 Windows 98, Windows 98 SE, and Windows ME with JScript 5.6: Patches are available via the Microsoft Update web site or the Windows Update web site. ORIGINAL ADVISORY: MS06-023 (KB917344): http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
