=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN333
_____________________________________________________________________

DATE                      : 14/06/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running JScript 5.1, JScript 5.6,
                                             JScript 5.5.

======================================================================

MS06-023 - Vulnerability in Microsoft JScript Could Allow Remote
Code Execution (917344)

Affected Software:
	- Microsoft Windows 2000 Service Pack 4
	- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
	- Microsoft Windows XP Professional x64 Edition
	- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
	- Microsoft Windows Server 2003 for Itanium-based Systems
	  and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
	- Microsoft Windows Server 2003 x64 Edition
	- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
	  and Microsoft Windows Millennium Edition (Me)

Affected Components:
	- Microsoft JScript 5.1 on Microsoft Windows 2000 Service Pack 4
	- Microsoft JScript 5.6 and 5.5 when installed on Windows 2000 Service Pack 4
	- Microsoft JScript 5.6 on Microsoft Windows XP Service Pack 1
	  and Microsoft Windows XP Service Pack 2
	- Microsoft JScript 5.6 on Microsoft Windows XP Professional x64 Edition
	- Microsoft JScript 5.6 on Microsoft Windows Server 2003
	  and Microsoft Windows Server 2003 Service Pack 1
	- Microsoft JScript 5.6 on Microsoft Windows Server 2003 for Itanium-based Systems
	  and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
	- Microsoft JScript 5.6 on Microsoft Windows Server 2003 x64 Edition
	- Microsoft JScript 5.6 on Microsoft Windows 98, Microsoft Windows 98 Second
	  Edition (SE), and Microsoft Windows Millennium Edition (Me)

Full MS06-023 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

Vulnerability Details

Microsoft JScript Memory Corruption Vulnerability - CVE-2006-1313

	There is a remote code execution vulnerability in JScript. An
	attacker could exploit the vulnerability by constructing specially
	crafted JScript that could potentially allow remote code execution
	if a user visited a Web site or viewed a specially crafted e-mail
	message. An attacker who successfully exploited this vulnerability
	could take complete control of an affected system.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================