ID CVE-2013-0004 Type cve Reporter NVD Modified 2018-10-30T12:27:21
Description
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
{"symantec": [{"lastseen": "2018-03-13T12:07:32", "references": ["http://seclists.org/fulldisclosure/2013/Jan/51"], "edition": 2, "description": "### Description\n\nThe Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges; this may result in the attacker gaining complete control of the affected system.\n\n### Technologies Affected\n\n * Microsoft .NET Framework 1.0 \n * Microsoft .NET Framework 1.0 SP1 \n * Microsoft .NET Framework 1.0 SP2 \n * Microsoft .NET Framework 1.0 SP3 \n * Microsoft .NET Framework 1.1 \n * Microsoft .NET Framework 1.1 SP1 \n * Microsoft .NET Framework 2.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.0 \n * Microsoft .NET Framework 4.5 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Implement multiple authentication mechanisms.** \nProvide an additional layer of authentication for sensitive or privileged information. \n\nUpdates are available. Please see the references for more information.\n", "reporter": "Symantec Security Response", "published": "2013-01-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "symantec", "title": "Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-0004"], "modified": "2013-01-08T00:00:00", "id": "SMNTC-57113", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/57113", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:48:12", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "Bugtraq ID:57113\r\nCVE ID: CVE-2013-0004\r\n\r\nMicrosoft .NET Framework\u662f\u4e00\u5957\u7531Microsoft\u5206\u53d1\u7684\u5e2e\u52a9\u5f00\u53d1\u8005\u6784\u5efa\u57fa\u4e8eWEB\u5e94\u7528\u7684\u7cfb\u7edf\r\n\r\nMicrosoft .NET Framework\u91cc\u5b58\u5728\u7684\u4e00\u4e2a\u4e24\u6b21\u6784\u5efa\u9519\u8bef\u4f1a\u5bfc\u81f4\u4e0d\u6b63\u786e\u9a8c\u8bc1\u5185\u5b58\u4e2d\u67d0\u4e9b\u5bf9\u8c61\u7684\u6743\u9650\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u7279\u5236\u7684XMAL\u6d4f\u89c8\u5668\u5e94\u7528(XBAP)\u6216\u4e0d\u53ef\u4fe1\u7684.Net\u5e94\u7528\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u5b8c\u5168\u63a7\u5236\u5e94\u7528\u7cfb\u7edf\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\r\n0\r\nMicrosoft .NET Framework 3.5.1\r\nMicrosoft .NET Framework 4.0\r\nMicrosoft .NET Framework 3.5\r\nMicrosoft .NET Framework 2.0 SP2\r\nMicrosoft .NET Framework 1.1 SP1\r\nMicrosoft .NET Framework 1.1\r\nMicrosoft .NET Framework 1.0 SP3\r\nMicrosoft .NET Framework 1.0 SP2\r\nMicrosoft .NET Framework 1.0 SP1\r\nMicrosoft .NET Framework 1.0\r\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6848\r\n\r\n-\u5728Internet Explorer\u4e2d\u7981\u7528XAML\u6d4f\u89c8\u5668\u5e94\u7528\r\n-\u628a\u53ef\u4fe1\u7ad9\u70b9\u6dfb\u52a0\u5230Internet Explorer\u53ef\u4fe1\u57df\u4e2d", "reporter": "Root", "published": "2013-01-10T00:00:00", "title": "Microsoft .NET Framework \u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e(CVE-2013-0004)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0004"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-01-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60582", "id": "SSV:60582", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T17:47:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE ID: CVE-2013-0004\r\n\r\nMicrosoft .NET Framework\u662f\u4e00\u5957\u7531Microsoft\u5206\u53d1\u7684\u5e2e\u52a9\u5f00\u53d1\u8005\u6784\u5efa\u57fa\u4e8eWEB\u5e94\u7528\u7684\u7cfb\u7edf\u3002\r\nMicrosoft .NET Framework\u91cc\u5b58\u5728\u7684\u4e00\u4e2a\u4e24\u6b21\u6784\u5efa\u9519\u8bef\u4f1a\u5bfc\u81f4\u4e0d\u6b63\u786e\u9a8c\u8bc1\u5185\u5b58\u4e2d\u67d0\u4e9b\u5bf9\u8c61\u7684\u6743\u9650\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u7279\u5236\u7684XMAL\u6d4f\u89c8\u5668\u5e94\u7528(XBAP)\u6216\u4e0d\u53ef\u4fe1\u7684.Net\u5e94\u7528\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u5b8c\u5168\u63a7\u5236\u5e94\u7528\u7cfb\u7edf\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nMicrosoft .NET Framework 3.5.1\r\nMicrosoft .NET Framework 4.0\r\nMicrosoft .NET Framework 3.5\r\nMicrosoft .NET Framework 2.0 SP2\r\nMicrosoft .NET Framework 1.1 SP1\r\nMicrosoft .NET Framework 1.1\r\nMicrosoft .NET Framework 1.0 SP3\r\nMicrosoft .NET Framework 1.0 SP2\r\nMicrosoft .NET Framework 1.0 SP1\r\nMicrosoft .NET Framework 1.0\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6848\r\n\r\n-\u5728Internet Explorer\u4e2d\u7981\u7528XAML\u6d4f\u89c8\u5668\u5e94\u7528\r\n-\u628a\u53ef\u4fe1\u7ad9\u70b9\u6dfb\u52a0\u5230Internet Explorer\u53ef\u4fe1\u57df\u4e2d", "reporter": "Root", "published": "2013-01-10T00:00:00", "title": "Microsoft .NET Framework\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e(MS13-004)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0004"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-01-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60579", "id": "SSV:60579", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}], "openvas": [{"lastseen": "2017-07-02T21:11:19", "references": ["http://support.microsoft.com/kb/2769324", "http://technet.microsoft.com/en-us/security/bulletin/ms13-004", "http://support.microsoft.com/kb/2742601", "http://support.microsoft.com/kb/2756920", "http://support.microsoft.com/kb/2742597", "http://support.microsoft.com/kb/2742598", "http://support.microsoft.com/kb/2756918", "http://support.microsoft.com/kb/2742613", "http://support.microsoft.com/kb/2742595", "http://support.microsoft.com/kb/2742599", "http://support.microsoft.com/kb/2756919", "http://support.microsoft.com/kb/2742604", "http://support.microsoft.com/kb/2742596", "http://secunia.com/advisories/51777/", "http://support.microsoft.com/kb/2756921", "http://support.microsoft.com/kb/2742607"], "pluginID": "902939", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "edition": 1, "reporter": "Copyright (C) 2013 SecPod", "published": "2013-01-09T00:00:00", "title": "Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0002", "CVE-2013-0001", "CVE-2013-0004", "CVE-2013-0003"], "modified": "2017-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902939", "id": "OPENVAS:902939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-004.nasl 5365 2017-02-20 13:46:09Z cfi $\n#\n# Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow an attacker to execute arbitrary code\n with the privileges of the currently logged-in user. Failed attacks will\n cause denial-of-service conditions.\n Impact Level: System/Application\";\n\ntag_affected = \"Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5\";\ntag_insight = \"- An error within the System Drawing namespace of Windows Forms when handling\n pointers can be exploited to bypass CAS (Code Access Security) restrictions\n and disclose information.\n - An error within WinForms when handling certain objects can be exploited to\n cause a buffer overflow.\n - A boundary error within the System.DirectoryServices.Protocols namespace\n when handling objects can be exploited to cause a buffer overflow.\n - A double construction error within the framework does not validate object\n permissions and can be exploited via a specially crafted XAML Browser\n Application (XBAP) or an untrusted .NET application.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms13-004\";\ntag_summary = \"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\";\n\nif(description)\n{\n script_id(902939);\n script_version(\"$Revision: 5365 $\");\n script_cve_id(\"CVE-2013-0001\", \"CVE-2013-0002\", \"CVE-2013-0003\", \"CVE-2013-0004\");\n script_bugtraq_id(57124, 57126, 57114, 57113);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 14:46:09 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 10:02:42 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51777/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2769324\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742613\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742595\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2756921\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2756920\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742599\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742598\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2756919\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2756918\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742601\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742596\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742597\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742604\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2742607\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-004\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nkey = \"\";\nitem = \"\";\npath = \"\";\ndllVer = \"\";\ndllv3 = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\n## Confirm .NET\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\n## Try to Get Version\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n ## Get version from System.dll file\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.1000\", test_version2:\"4.0.30319.1000\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.2000\", test_version2:\"4.0.30319.2000\"))\n {\n security_message(0);\n exit(0);\n }\n\n ## .NET Framework 4.5 on Windows 7 SP1 and Windows Server 2008 R2 SP 1\n ## Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2\n if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"4.0.30319.18000\", test_version2:\"4.0.30319.18020\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.19000\", test_version2:\"4.0.30319.19028\")))\n {\n security_message(0);\n exit(0);\n }\n\n ## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\n if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.5000\", test_version2:\"2.0.50727.5466\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5600\", test_version2:\"2.0.50727.5739\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.4000\", test_version2:\"2.0.50727.4984\")))\n {\n security_message(0);\n exit(0);\n }\n\n ## .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2\n if((hotfix_check_sp(winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.4000\", test_version2:\"2.0.50727.4234\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.5739\")))\n {\n security_message(0);\n exit(0);\n }\n\n ## .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003\n if((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.3000\", test_version2:\"2.0.50727.3643\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.5739\")))\n {\n security_message(0);\n exit(0);\n }\n\n ## .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008\n if((hotfix_check_sp(xp:4, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"1.1.4322.2000\", test_version2:\"1.1.4322.2501\")))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Microsoft .NET Framework 1.1 Service Pack 1 when used with\n## Windows Server 2003 Service Pack 2\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(\"\\Microsoft.NET\\Framework\" >< path)\n {\n ## Get version from mscorlib.dll file\n dllVer = fetch_file_version(sysPath:path, file_name:\"mscorlib.dll\");\n if(dllVer)\n {\n ## Windows XP and Windows 2003\n if(hotfix_check_sp(win2003:3) > 0)\n {\n ## Microsoft .NET Framework 1.1 Service Pack 1\n if(version_in_range(version:dllVer, test_version:\"1.1.4322.2000\", test_version2:\"1.1.4322.2501\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n }\n}\n\n## Get .NET Framework 3.0 Service Pack 2 Version\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"system.identitymodel.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.4000\", test_version2:\"3.0.4506.4036\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5844\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.4000\", test_version2:\"3.0.4506.4213\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5846\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.5400\", test_version2:\"3.0.4506.5451\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5800\", test_version2:\"3.0.4506.5845\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5006\")){\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:42:09", "references": ["http://support.microsoft.com/kb/2769324", "http://technet.microsoft.com/en-us/security/bulletin/ms13-004", "http://support.microsoft.com/kb/2742601", "http://support.microsoft.com/kb/2756920", "http://support.microsoft.com/kb/2742597", "http://support.microsoft.com/kb/2742598", "http://support.microsoft.com/kb/2756918", "http://support.microsoft.com/kb/2742613", "http://support.microsoft.com/kb/2742595", "http://support.microsoft.com/kb/2742599", "http://support.microsoft.com/kb/2756919", "http://support.microsoft.com/kb/2742604", "http://support.microsoft.com/kb/2742596", "http://secunia.com/advisories/51777/", "http://support.microsoft.com/kb/2756921", "http://support.microsoft.com/kb/2742607"], "pluginID": "1361412562310902939", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "edition": 7, "reporter": "Copyright (C) 2013 SecPod", "published": "2013-01-09T00:00:00", "title": "Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0002", "CVE-2013-0001", "CVE-2013-0004", "CVE-2013-0003"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310902939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-004.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902939\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-0001\", \"CVE-2013-0002\", \"CVE-2013-0003\", \"CVE-2013-0004\");\n script_bugtraq_id(57124, 57126, 57114, 57113);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 10:02:42 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51777/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2769324\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742613\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742595\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2756921\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2756920\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742599\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742598\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2756919\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2756918\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742601\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742596\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742597\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742604\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2742607\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-004\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to execute arbitrary code\n with the privileges of the currently logged-in user. Failed attacks will\n cause denial-of-service conditions.\");\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5\");\n script_tag(name:\"insight\", value:\"- An error within the System Drawing namespace of Windows Forms when handling\n pointers can be exploited to bypass CAS (Code Access Security) restrictions\n and disclose information.\n\n - An error within WinForms when handling certain objects can be exploited to\n cause a buffer overflow.\n\n - A boundary error within the System.DirectoryServices.Protocols namespace\n when handling objects can be exploited to cause a buffer overflow.\n\n - A double construction error within the framework does not validate object\n permissions and can be exploited via a specially crafted XAML Browser\n Application (XBAP) or an untrusted .NET application.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.1000\", test_version2:\"4.0.30319.1000\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.2000\", test_version2:\"4.0.30319.2000\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n ## .NET Framework 4.5 on Windows 7 SP1 and Windows Server 2008 R2 SP 1\n ## Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2\n if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"4.0.30319.18000\", test_version2:\"4.0.30319.18020\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.19000\", test_version2:\"4.0.30319.19028\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n ## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\n if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.5000\", test_version2:\"2.0.50727.5466\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5600\", test_version2:\"2.0.50727.5739\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.4000\", test_version2:\"2.0.50727.4984\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n ## .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2\n if((hotfix_check_sp(winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.4000\", test_version2:\"2.0.50727.4234\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.5739\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n ## .NET Framework 2.0 Service Pack 2 on Windows XP and Windows Server 2003\n if((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"2.0.50727.3000\", test_version2:\"2.0.50727.3643\")||\n version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.5739\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n ## .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008\n if((hotfix_check_sp(xp:4, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllVer, test_version:\"1.1.4322.2000\", test_version2:\"1.1.4322.2501\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## Microsoft .NET Framework 1.1 Service Pack 1 when used with\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(\"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"mscorlib.dll\");\n if(dllVer)\n {\n if(hotfix_check_sp(win2003:3) > 0)\n {\n ## Microsoft .NET Framework 1.1 Service Pack 1\n if(version_in_range(version:dllVer, test_version:\"1.1.4322.2000\", test_version2:\"1.1.4322.2501\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"system.identitymodel.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.4000\", test_version2:\"3.0.4506.4036\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5844\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.4000\", test_version2:\"3.0.4506.4213\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5846\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.4506.5400\", test_version2:\"3.0.4506.5451\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5800\", test_version2:\"3.0.4506.5845\") ||\n version_in_range(version:dllv3, test_version:\"3.0.4506.5000\", test_version2:\"3.0.4506.5006\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T03:15:22", "references": ["https://seclists.org/fulldisclosure/2013/Jan/51", "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-004", "https://www.zerodayinitiative.com/advisories/ZDI-13-005/", "https://www.zerodayinitiative.com/advisories/ZDI-13-004/"], "pluginID": "63422", "description": "The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the way the Windows Forms in .NET Framework handle pointers to unmanaged memory locations. (CVE-2013-0001)\n\n - A buffer overflow vulnerability in a Windows Form method in the .NET Framework exists that could be exploited to gain elevated privileges. (CVE-2013-0002)\n\n - A method in the S.DS.P namespace of the .NET Framework is affected by a buffer overflow vulnerability which could be exploited to gain elevated privileges.\n (CVE-2013-0003)\n\n - The way the .NET Framework validates permissions of certain objects in memory has a flaw that could be exploited to gain elevated privileges. (CVE-2013-0004).", "edition": 7, "reporter": "Tenable", "published": "2013-01-09T00:00:00", "title": "MS13-004: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0002", "CVE-2013-0001", "CVE-2013-0004", "CVE-2013-0003"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:.net_framework"], "id": "SMB_NT_MS13-004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(63422);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2013-0001\",\n \"CVE-2013-0002\",\n \"CVE-2013-0003\",\n \"CVE-2013-0004\"\n );\n script_bugtraq_id(57113, 57114, 57124, 57126);\n script_xref(name:\"MSFT\", value:\"MS13-004\");\n script_xref(name:\"MSKB\", value:\"2742595\");\n script_xref(name:\"MSKB\", value:\"2742596\");\n script_xref(name:\"MSKB\", value:\"2742597\");\n script_xref(name:\"MSKB\", value:\"2742598\");\n script_xref(name:\"MSKB\", value:\"2742599\");\n script_xref(name:\"MSKB\", value:\"2742601\");\n script_xref(name:\"MSKB\", value:\"2742604\");\n script_xref(name:\"MSKB\", value:\"2742613\");\n script_xref(name:\"MSKB\", value:\"2742614\");\n script_xref(name:\"MSKB\", value:\"2742616\");\n script_xref(name:\"MSKB\", value:\"2756918\");\n script_xref(name:\"MSKB\", value:\"2756919\");\n script_xref(name:\"MSKB\", value:\"2756920\");\n script_xref(name:\"MSKB\", value:\"2756921\");\n script_xref(name:\"MSKB\", value:\"2756923\");\n script_xref(name:\"IAVA\", value:\"2013-A-0006\");\n\n script_name(english:\"MS13-004: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)\");\n script_summary(english:\"Checks file versions\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The version of the .NET Framework installed on the remote host is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Windows host is running a version of Microsoft .NET\nFramework that is affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way the Windows Forms in .NET Framework handle pointers\n to unmanaged memory locations. (CVE-2013-0001)\n\n - A buffer overflow vulnerability in a Windows Form method\n in the .NET Framework exists that could be exploited to\n gain elevated privileges. (CVE-2013-0002)\n\n - A method in the S.DS.P namespace of the .NET Framework is\n affected by a buffer overflow vulnerability which could\n be exploited to gain elevated privileges.\n (CVE-2013-0003)\n\n - The way the .NET Framework validates permissions of\n certain objects in memory has a flaw that could be\n exploited to gain elevated privileges. (CVE-2013-0004).\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-004/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-005/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2013/Jan/51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-004\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for the .NET Framework on\nWindows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS13-004';\nkbs = make_list(\n '2742595', # verify min versions\n '2742596',\n '2742597',\n '2742598',\n '2742599',\n '2742601',\n '2742604',\n #'2742607', # Not checked\n # Media Center Edition 2005 Service Pack 3 and Tablet PC Edition 2005 Service Pack 3 only\n '2742613',\n '2742614',\n '2742616',\n '2756918',\n '2756919',\n '2756920',\n '2756921',\n '2756923'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\"Windows Embedded\" >< productname) exit(0, \"The host is running \"+productname+\" and hence is not affected.\");\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\nassembly_dir_30 = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\\All Assemblies In\");\nassembly_dir_35 = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.5\\All Assemblies In\");\nRegCloseKey(handle:hklm);\nclose_registry();\n\nvuln = 0;\n\n########## KB2742595 ###########\n# .NET Framework 4.0 #\n# Windows XP SP3, #\n# Windows XP SP2 x64, #\n# Windows 2003 SP2, #\n# Windows Vista SP2, #\n# Windows 7, #\n# Windows Server 2008 SP2, #\n# Windows Server 2008 R2 #\n################################\nmissing = 0;\n# Windows XP SP3\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.1001\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.2001\", min_version:\"4.0.30319.1200\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n# Windows XP SP2 x64 / Server 2003 SP2\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.1001\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.2001\", min_version:\"4.0.30319.1200\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n# Windows Vista SP2 / Server 2008 SP2\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.1001\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.Windows.Forms.dll\", version:\"4.0.30319.2001\", min_version:\"4.0.30319.1200\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n# Windows 7 / 2008 R2\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"System.Windows.Forms.dll\", version:\"4.0.30319.1001\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"System.Windows.Forms.dll\", version:\"4.0.30319.2001\", min_version:\"4.0.30319.1200\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742595\");\nvuln += missing;\n\n######### KB2742596 ###########\n# .NET Framework 2.0 SP2 #\n# Windows XP SP 3, #\n# Server 2003 SP2 #\n###############################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5740\", min_version:\"2.0.50727.5000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.3644\", min_version:\"2.0.50727.3000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5740\", min_version:\"2.0.50727.5000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.3644\", min_version:\"2.0.50727.3000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742596\");\nvuln += missing;\n\n########## KB2742597 ###########\n# .NET Framework 1.1 SP 1 #\n# Windows XP, #\n# Windows Server 2003 64-bit, #\n# Vista SP2, #\n# Server 2008 SP2 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"5.1\", arch:\"x86\", sp:3, file:\"System.Web.dll\", version:\"1.1.4322.2502\", dir:\"\\Microsoft.NET\\Framework\\v1.1.4322\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", arch:\"x64\", sp:2, file:\"System.Web.dll\", version:\"1.1.4322.2502\", dir:\"\\Microsoft.NET\\Framework\\v1.1.4322\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.Web.dll\", version:\"1.1.4322.2502\", dir:\"\\Microsoft.NET\\Framework\\v1.1.4322\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2742597');\nvuln += missing;\n\n########## KB2742598 ###########\n# .NET Framework 3.5.1 #\n# Windows 7, #\n# Server 2008 R2 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5740\", min_version:\"2.0.50727.5000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.4985\", min_version:\"2.0.50727.4000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742598\");\nvuln += missing;\n\n########## KB2742599 ###########\n# .NET Framework 3.5.1 #\n# Windows 7 SP1, #\n# Server 2008 R2 SP1 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5740\", min_version:\"2.0.50727.5600\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5467\", min_version:\"2.0.50727.4000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742599\");\nvuln += missing;\n\n########## KB2742601 ###########\n# .NET Framework 2.0 SP2 #\n# Windows Vista SP2, #\n# Server 2008 SP2 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.5740\", min_version:\"2.0.50727.5000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.Windows.Forms.dll\", version:\"2.0.50727.4235\", min_version:\"2.0.50727.4000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742601\");\nvuln += missing;\n\n########## KB2742604 ###########\n# .NET Framework 1.1 SP 1 #\n# Windows Server 2003 SP2 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"5.2\", arch:\"x86\", sp:2, file:\"mscorlib.dll\", version:\"1.1.4322.2502\", dir:\"\\Microsoft.NET\\Framework\\v1.1.4322\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2742604');\nvuln += missing;\n\n########## KB2742613 ###########\n# .NET Framework 4.5 #\n# Windows Vista SP2, #\n# Server 2008 SP2, #\n# Windows 7 SP1, #\n# Windows 2008 R2 SP1 #\n################################\nmissing = 0;\n# Windows Vista SP2 / Server 2008 SP2\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.dll\", version:\"4.0.30319.18021\", min_version:\"4.0.30319.17900\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.dll\", version:\"4.0.30319.19029\", min_version:\"4.0.30319.19000\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n# Windows 7 SP1 / 2008 R2 SP1\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.dll\", version:\"4.0.30319.18021\", min_version:\"4.0.30319.17900\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.dll\", version:\"4.0.30319.19029\", min_version:\"4.0.30319.19000\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742613\");\nvuln += missing;\n\n########## KB2742614 ###########\n# .NET Framework 4.0 #\n# Windows 8, #\n# Server 2012 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.dll\", version:\"4.0.30319.18022\", min_version:\"4.0.30319.17900\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\nmissing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.dll\", version:\"4.0.30319.19030\", min_version:\"4.0.30319.19000\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742614\");\nvuln += missing;\n\n########## KB2742616 ###########\n# .NET Framework 3.5 #\n# Windows 8, #\n# Server 2012 #\n################################\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.dll\", version:\"2.0.50727.6401\", min_version:\"2.0.50727.6000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\nmissing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.dll\", version:\"2.0.50727.7005\", min_version:\"2.0.50727.7000\", dir:\"\\Microsoft.NET\\Framework\\v2.0.50727\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2742616\");\nvuln += missing;\n\n######### KB2756918 ###########\n# .NET Framework 3.0 SP2 #\n# Windows XP SP 3, #\n# Server 2003 SP2 #\n###############################\nif (!isnull(assembly_dir_30))\n{\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.ServiceModel.dll\", version:\"3.0.4506.4037\", min_version:\"3.0.4506.4000\", path:assembly_dir_30);\n missing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5845\", min_version:\"3.0.4506.5600\", path:assembly_dir_30);\n missing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.ServiceModel.dll\", version:\"3.0.4506.4037\", min_version:\"3.0.4506.4000\", path:assembly_dir_30);\n missing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5845\", min_version:\"3.0.4506.5600\", path:assembly_dir_30);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2756918\");\n vuln += missing;\n}\n\n######### KB2756919 ###########\n# .NET Framework 3.0 SP2 #\n# Windows Vista SP2, #\n# Server 2008 SP2 #\n###############################\nif (!isnull(assembly_dir_30))\n{\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.ServiceModel.dll\", version:\"3.0.4506.4214\", min_version:\"3.0.4506.4000\", path:assembly_dir_30);\n missing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5847\", min_version:\"3.0.4506.5600\", path:assembly_dir_30);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2756919\");\n vuln += missing;\n}\n\n######### KB2756920 ###########\n# .NET Framework 3.5.1 #\n# Windows 7, #\n# Server 2008 R2 #\n###############################\nif (!isnull(assembly_dir_35))\n{\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5007\", min_version:\"3.0.4506.4000\", path:assembly_dir_35);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5846\", min_version:\"3.0.4506.5600\", path:assembly_dir_35);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2756920\");\n vuln += missing;\n}\n\n######### KB2756921 ###########\n# .NET Framework 3.5.1 #\n# Windows 7 SP1, #\n# Server 2008 R2 SP1 #\n###############################\nif (!isnull(assembly_dir_35))\n{\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5452\", min_version:\"3.0.4506.4000\", path:assembly_dir_35);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"System.ServiceModel.dll\", version:\"3.0.4506.5846\", min_version:\"3.0.4506.5600\", path:assembly_dir_35);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2756921\");\n vuln += missing;\n}\n\n######### KB2756923 ###########\n# .NET Framework 3.5 #\n# Windows 8, #\n# Server 2012 #\n###############################\nif (!isnull(assembly_dir_35))\n{\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.ServiceModel.dll\", version:\"3.0.4506.6401\", min_version:\"3.0.4506.6000\", path:assembly_dir_35);\n missing += hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"System.ServiceModel.dll\", version:\"3.0.4506.7005\", min_version:\"3.0.4506.7000\", path:assembly_dir_35);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2756923\");\n vuln += missing;\n}\n\nif(vuln > 0)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "references": [], "description": "Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS.", "edition": 1, "reporter": "MICROSOFT", "published": "2013-01-10T00:00:00", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Windows", "version": "7", "operator": "eq"}, {"name": "Windows", "version": "8", "operator": "eq"}], "cvelist": ["CVE-2013-0007", "CVE-2013-0002", "CVE-2013-0005", "CVE-2013-0001", "CVE-2013-0013", "CVE-2013-0008", "CVE-2013-0004", "CVE-2013-0003", "CVE-2013-0011", "CVE-2013-0006"], "modified": "2013-01-10T00:00:00", "id": "SECURITYVULNS:VULN:12817", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12817", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
