ID CVE-2015-6141 Type cve Reporter NVD Modified 2018-10-12T18:10:31
Description
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6134.
{"symantec": [{"lastseen": "2018-03-12T06:25:01", "references": [], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 9 is vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2015-12-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "symantec", "title": "Microsoft Internet Explorer CVE-2015-6141 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft Internet Explorer", "version": "9 ", "operator": "eq"}], "cvelist": ["CVE-2015-6141"], "modified": "2015-12-08T00:00:00", "id": "SMNTC-78483", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/78483", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:18:11", "references": ["https://technet.microsoft.com/en-us/library/security/ms15-124.aspx"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the usage of CStylesheet objects. By manipulating a document's elements, an attacker can force an out-of-bounds memory access to occur. An attacker can leverage this vulnerability to execute code under the context of the current process.", "reporter": "B6BEB4D5E828CF0CCB47BB24AAC22515", "published": "2015-12-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Microsoft Internet Explorer CStylesheet Rules Out-Of-Bounds Access Remote Code Execution Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-6141"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-585", "id": "ZDI-15-585", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-12-17T15:15:14", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n12/08/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 7 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-6135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6135>) \n[CVE-2015-6136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6136>) \n[CVE-2015-6134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6134>) \n[CVE-2015-6140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6140>) \n[CVE-2015-6155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6155>) \n[CVE-2015-6083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6083>) \n[CVE-2015-6138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6138>) \n[CVE-2015-6169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6169>) \n[CVE-2015-6168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6168>) \n[CVE-2015-6176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6176>) \n[CVE-2015-6170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6170>) \n[CVE-2015-6153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6153>) \n[CVE-2015-6152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6152>) \n[CVE-2015-6151](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6151>) \n[CVE-2015-6150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6150>) \n[CVE-2015-6149](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6149>) \n[CVE-2015-6148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6148>) \n[CVE-2015-6147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6147>) \n[CVE-2015-6146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6146>) \n[CVE-2015-6145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6145>) \n[CVE-2015-6144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6144>) \n[CVE-2015-6142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6142>) \n[CVE-2015-6143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6143>) \n[CVE-2015-6162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6162>) \n[CVE-2015-6164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6164>) \n[CVE-2015-6160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6160>) \n[CVE-2015-6161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6161>) \n[CVE-2015-6154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6154>) \n[CVE-2015-6141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6141>) \n[CVE-2015-6156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6156>) \n[CVE-2015-6157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6157>) \n[CVE-2015-6158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6158>) \n[CVE-2015-6159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6159>) \n[CVE-2015-6139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6139>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-6135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135>) \n[CVE-2015-6136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136>) \n[CVE-2015-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134>) \n[CVE-2015-6140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140>) \n[CVE-2015-6155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155>) \n[CVE-2015-6083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083>) \n[CVE-2015-6138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138>) \n[CVE-2015-6169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6169>) \n[CVE-2015-6168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168>) \n[CVE-2015-6176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176>) \n[CVE-2015-6170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170>) \n[CVE-2015-6153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153>) \n[CVE-2015-6152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152>) \n[CVE-2015-6151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151>) \n[CVE-2015-6150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150>) \n[CVE-2015-6149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6149>) \n[CVE-2015-6148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148>) \n[CVE-2015-6147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6147>) \n[CVE-2015-6146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6146>) \n[CVE-2015-6145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6145>) \n[CVE-2015-6144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6144>) \n[CVE-2015-6142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142>) \n[CVE-2015-6143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6143>) \n[CVE-2015-6162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6162>) \n[CVE-2015-6164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164>) \n[CVE-2015-6160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160>) \n[CVE-2015-6161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161>) \n[CVE-2015-6154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154>) \n[CVE-2015-6141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6141>) \n[CVE-2015-6156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6156>) \n[CVE-2015-6157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6157>) \n[CVE-2015-6158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158>) \n[CVE-2015-6159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159>) \n[CVE-2015-6139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3116900](<http://support.microsoft.com/kb/3116900>) \n[3116869](<http://support.microsoft.com/kb/3116869>) \n[3105579](<http://support.microsoft.com/kb/3105579>) \n[3105578](<http://support.microsoft.com/kb/3105578>) \n[3104002](<http://support.microsoft.com/kb/3104002>) \n[3116184](<http://support.microsoft.com/kb/3116184>) \n[3116180](<http://support.microsoft.com/kb/3116180>)", "edition": 28, "reporter": "Kaspersky Lab", "published": "2015-12-08T00:00:00", "title": "\r KLA10720Multiple vulnerabilities in Microsoft Internet Explorer & Edge ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6168", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6169", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6176", "CVE-2015-6170", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "modified": "2018-12-06T00:00:00", "id": "KLA10720", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10720", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:39:22", "references": ["https://support.microsoft.com/en-us/kb/3116180", "https://technet.microsoft.com/library/security/MS15-124", "https://support.microsoft.com/en-us/kb/3104002"], "pluginID": "1361412562310806646", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-124.", "edition": 8, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-12-09T00:00:00", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (3116180)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310806646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-124.nasl 11876 2018-10-12 12:20:01Z cfischer $\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (3116180)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806646\");\n script_version(\"$Revision: 11876 $\");\n script_cve_id(\"CVE-2015-6083\", \"CVE-2015-6134\", \"CVE-2015-6135\", \"CVE-2015-6136\",\n \"CVE-2015-6138\", \"CVE-2015-6139\", \"CVE-2015-6140\", \"CVE-2015-6141\",\n \"CVE-2015-6142\", \"CVE-2015-6143\", \"CVE-2015-6144\", \"CVE-2015-6145\",\n \"CVE-2015-6146\", \"CVE-2015-6147\", \"CVE-2015-6148\", \"CVE-2015-6149\",\n \"CVE-2015-6150\", \"CVE-2015-6151\", \"CVE-2015-6152\", \"CVE-2015-6153\",\n \"CVE-2015-6154\", \"CVE-2015-6155\", \"CVE-2015-6156\", \"CVE-2015-6157\",\n \"CVE-2015-6158\", \"CVE-2015-6159\", \"CVE-2015-6160\", \"CVE-2015-6161\",\n \"CVE-2015-6162\", \"CVE-2015-6164\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:20:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 11:34:00 +0530 (Wed, 09 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (3116180)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-124.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple errors caused by improperly accessing objects in memory.\n\n - Multiple XSS filter bypass errors.\n\n - An error in VBScript which improperly discloses the contents of its memory.\n\n - An error in the way that the VBScript engine renders when handling objects\n in memory in Internet Explorer.\n\n - An error when Internet Explorer does not properly enforce content types.\n\n - An error when Internet Explorer improperly discloses the contents of its\n memory.\n\n - An error when Internet Explorer fails to use the Address Space Layout\n Randomization (ASLR) security feature.\n\n - An error when Internet Explorer does not properly enforce cross-domain\n policies.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code, gain access to sensitive information,\n elevate privileges, bypass certain security restrictions and execute arbitrary\n HTML and script code in a user's browser session in context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version\n 7.x/8.x/9.x/10.x/11.x\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed\n hotfixes or download and update mentioned hotfixes in the advisory from the\n link, https://technet.microsoft.com/library/security/MS15-124\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3116180\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3104002\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-124\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win8:1, win8x64:1, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || !(ieVer =~ \"^(7|8|9|10|11)\")){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Mshtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(dllVer =~ \"^(7\\.0\\.6002\\.1)\"){\n Vulnerable_range = \"7.0.6002.18000 - 7.0.6002.19536\";\n}\nelse if (dllVer =~ \"^(7\\.0\\.6002\\.2)\"){\n Vulnerable_range = \"7.0.6002.23000 - 7.0.6002.23846\";\n}\nelse if (dllVer =~ \"^(8\\.0\\.6001\\.1)\"){\n Vulnerable_range = \"8.0.6001.18000 - 8.0.6001.19704\";\n}\nelse if (dllVer =~ \"^(8\\.0\\.6001\\.2)\"){\n Vulnerable_range = \"8.0.6001.20000 - 8.0.6001.23764\";\n}\n\nelse if (dllVer =~ \"^(9\\.0\\.8112\\.1)\"){\n Vulnerable_range = \"9.0.8112.16000 - 9.0.8112.16722\";\n}\nelse if (dllVer =~ \"^(9\\.0\\.8112\\.2)\"){\n Vulnerable_range = \"9.0.8112.20000 - 9.0.8112.20837\";\n}\nelse if (dllVer =~ \"^(8\\.0\\.7601\\.1)\"){\n Vulnerable_range = \"8.0.7601.17000 - 8.0.7601.19057\";\n}\nelse if (dllVer =~ \"^(8\\.0\\.7601\\.2)\"){\n Vulnerable_range = \"8.0.7601.22000 - 8.0.7601.23261\";\n}\n\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.19536\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.23000\", test_version2:\"7.0.6002.23846\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19704\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23764\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16722\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20837\")){\n VULN = TRUE ;\n }\n}\n\n\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.17000\", test_version2:\"8.0.7601.19057\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.22000\", test_version2:\"8.0.7601.23261\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16722\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20837\")){\n VULN = TRUE ;\n }\n else if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17565\"))\n {\n Vulnerable_range = \"10.0.9200.16000 - 10.0.9200.17565\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:dllVer, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21683\"))\n {\n Vulnerable_range = \"10.0.9200.21000 - 10.0.9200.21683\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:dllVer, test_version:\"11.0.9600.00000\", test_version2:\"11.0.9600.18124\"))\n {\n Vulnerable_range = \"11.0.9600.00000 - 11.0.9600.18124\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8:1, win2012:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17567\"))\n {\n Vulnerable_range = \"10.0.9200.16000 - 10.0.9200.17567\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.21683\"))\n {\n Vulnerable_range = \"10.0.9200.20000 - 10.0.9200.21672\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"11.0.9600.18125\"))\n {\n Vulnerable_range = \"Less than 11.0.9600.18125\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"11.0.10240.16603\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.16603\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:dllVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.19\"))\n {\n Vulnerable_range = \"11.0.10586.0 - 11.0.10586.19\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\Mshtml.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T03:15:32", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-124"], "pluginID": "87253", "description": "The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "edition": 10, "reporter": "Tenable", "published": "2015-12-08T00:00:00", "title": "MS15-124: Cumulative Security Update for Internet Explorer (3116180)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS15-124.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87253", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87253);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2015-6083\",\n \"CVE-2015-6134\",\n \"CVE-2015-6135\",\n \"CVE-2015-6136\",\n \"CVE-2015-6138\",\n \"CVE-2015-6139\",\n \"CVE-2015-6140\",\n \"CVE-2015-6141\",\n \"CVE-2015-6142\",\n \"CVE-2015-6143\",\n \"CVE-2015-6144\",\n \"CVE-2015-6145\",\n \"CVE-2015-6146\",\n \"CVE-2015-6147\",\n \"CVE-2015-6148\",\n \"CVE-2015-6149\",\n \"CVE-2015-6150\",\n \"CVE-2015-6151\",\n \"CVE-2015-6152\",\n \"CVE-2015-6153\",\n \"CVE-2015-6154\",\n \"CVE-2015-6155\",\n \"CVE-2015-6156\",\n \"CVE-2015-6157\",\n \"CVE-2015-6158\",\n \"CVE-2015-6159\",\n \"CVE-2015-6160\",\n \"CVE-2015-6161\",\n \"CVE-2015-6162\",\n \"CVE-2015-6164\"\n );\n script_bugtraq_id(\n 78481,\n 78482,\n 78483,\n 78484,\n 78485,\n 78486,\n 78487,\n 78488,\n 78489,\n 78490,\n 78491,\n 78492,\n 78494,\n 78495,\n 78507,\n 78508,\n 78526,\n 78527,\n 78528,\n 78529,\n 78530,\n 78531,\n 78532,\n 78533,\n 78534,\n 78535,\n 78536,\n 78537,\n 78538,\n 78540\n );\n script_xref(name:\"MSFT\", value:\"MS15-124\");\n script_xref(name:\"MSKB\", value:\"3104002\");\n script_xref(name:\"MSKB\", value:\"3116869\");\n script_xref(name:\"MSKB\", value:\"3116900\");\n script_xref(name:\"MSKB\", value:\"3125869\");\n\n script_name(english:\"MS15-124: Cumulative Security Update for Internet Explorer (3116180)\");\n script_summary(english:\"Checks the version of mshtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3116180. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-124\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-124';\nkbs = make_list('3104002', '3116869', '3116900', '3125869');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Server 2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\n######################################\n# Get registry keys values\n# 1. 32bit hardening\n# 2. 64bit hardening\n######################################\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nhcf_init = TRUE;\n\n# Connect to remote registry.\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, \"IPC$\");\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n audit(AUDIT_REG_FAIL);\n}\n\nh32 = NULL;\nh64 = NULL;\nlocal_arch = get_kb_item(\"SMB/ARCH\");\n\nkey32 = \"SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\";\nkey_h = RegOpenKey(handle:hklm, key:key32, mode:MAXIMUM_ALLOWED, wow:FALSE);\nif (!isnull(key_h))\n{\n value = RegQueryValue(handle:key_h, item:'iexplore.exe');\n if (!isnull(value)) h32 = value[1];\n\n RegCloseKey(handle:key_h);\n}\nkey64 = \"SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING\";\nkey_h = RegOpenKey(handle:hklm, key:key64, mode:MAXIMUM_ALLOWED, wow:FALSE);\nif (!isnull(key_h))\n{\n value = RegQueryValue(handle:key_h, item:'iexplore.exe');\n if (!isnull(value)) h64 = value[1];\n\n RegCloseKey(handle:key_h);\n}\n\nRegCloseKey(handle:hklm);\nNetUseDel(close:FALSE);\n\n######################################\n# Start normal checks\n######################################\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# Assume applied until proven guilty\napplied = TRUE;\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.0.10586.20\", min_version:\"11.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116900\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.0.10240.16603\", min_version:\"11.0.10240.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116869\") ||\n\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18125\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n\n # Windows 8 / Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.21684\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.17568\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.21684\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.17566\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18125\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.23262\", min_version:\"8.0.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.19058\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.20838\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.16723\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.23847\", min_version:\"7.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.19537\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.23765\", min_version:\"8.0.6001.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.19705\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.20838\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16723\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3104002\")\n) applied = FALSE;\n\n\n######################################\n# Check registry keys values\n######################################\nharden = TRUE;\n\n# BOTH keys required on x64\nif (\n (h32 == 0 || empty_or_null(h32))\n ||\n ((h64 == 0 || empty_or_null(h64)) && local_arch == \"x64\")\n)\n{\n hreport =\n 'ASLR hardening settings for Internet Explorer in KB3125869\\n'+\n 'have not been applied. The following DWORD keys must be\\n' +\n 'created with a value of 1:\\n';\n\n if (h32 == 0 || empty_or_null(h32))\n hreport += ' - HKLM\\\\'+key32+'\\\\iexplore.exe\\n';\n if ((h64 == 0 || empty_or_null(h64)) && local_arch == \"x64\")\n hreport += ' - HKLM\\\\'+key64+'\\\\iexplore.exe\\n';\n\n if (empty_or_null(local_arch))\n hreport +=\n '\\nNote that Nessus was unable to determine the architecture of' +\n '\\nthe remote host; therefore, it is not certain which hardening' +\n '\\nkeys are required for this vulnerability.';\n\n hotfix_add_report(hreport, bulletin:bulletin, kb:\"3125869\");\n harden = FALSE;\n}\n\n######################################\n# Report\n######################################\nif (!applied || !harden)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n # System appears to be not affected, but if\n # the arch key was not found or readable, it's\n # not certain the machine is not affected, i.e.,\n # 64bit machines require BOTH keys.\n if (empty_or_null(local_arch))\n exit(1, \"System architecture could not be determined, and it is therefore not certain which hardening keys are required for this vulnerability.\");\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
