CVE-2006-1311

Published Feb 13, 2007

Last updated 4 days ago

CVSS info 9.3

Overview

Description: The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
Source: secure@microsoft.com
NVD status: Modified
Products: learning_essentials, office, windows_2000, windows_2003_server, windows_xp

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "556AEEE8-2801-4B4A-AEC1-22BF8FFC7489",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "1DE325B7-0EDA-4807-9EA1-BCB4EAD5850D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "43C727FE-979A-4B67-B995-F5298C570A83",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "49AD45BF-8A91-4C87-AF15-D38D8468A4C5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",
            "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
            "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
            "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
            "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References