CVE-2006-1311

2007-02-1320:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1311

richedit component

remote code execution

ole object

memory corruption

microsoft windows

office

learning essentials

nvd

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.

CPENameOperatorVersion
microsoft:learning_essentialsmicrosoft learning essentialseq1.1
microsoft:officemicrosoft officeeqxp
microsoft:officemicrosoft officeeq2003
microsoft:officemicrosoft officeeq*
microsoft:learning_essentialsmicrosoft learning essentialseq1.5
microsoft:learning_essentialsmicrosoft learning essentialseq1.0
microsoft:officemicrosoft officeeq2000
microsoft:windows_2003_servermicrosoft windows 2003 servereqsp1
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:learning_essentials	microsoft learning essentials	eq	1.1
microsoft:office	microsoft office	eq	xp
microsoft:office	microsoft office	eq	2003
microsoft:office	microsoft office	eq	*
microsoft:learning_essentials	microsoft learning essentials	eq	1.5
microsoft:learning_essentials	microsoft learning essentials	eq	1.0
microsoft:office	microsoft office	eq	2000
microsoft:windows_2003_server	microsoft windows 2003 server	eq	sp1
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*