Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: MS06-023: Microsoft's JScript remote code execution - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-023: Microsoft's JScript remote code execution
MS06-023 - KB 917344

A problem in JScript where it releases memory too soon can cause memory corruption and lead to remoee code execution.

The attack vector is web based where visiting malicious contant is sufficint to exploit the browser. This is strongly linked with MS06-021 and Microsoft recommends to install both at the same time.

Obviously it's better not to log in with administrative rights as it makes the impact of these vulnerabilities a lot worse.

--
Swa Frantzen -- section 66


Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!