Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-023: Microsoft's JScript remote code execution SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-023: Microsoft's JScript remote code execution
MS06-023 - KB 917344

A problem in JScript where it releases memory too soon can cause memory corruption and lead to remoee code execution.

The attack vector is web based where visiting malicious contant is sufficint to exploit the browser. This is strongly linked with MS06-021 and Microsoft recommends to install both at the same time.

Obviously it's better not to log in with administrative rights as it makes the impact of these vulnerabilities a lot worse.

Swa Frantzen -- section 66


760 Posts
Jun 13th 2006

Sign Up for Free or Log In to start participating in the conversation!