DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2017-0240", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-0240", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.", "published": "2017-05-12T14:29:00", "modified": "2017-07-08T01:29:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.6}, "severity": "HIGH", "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0240", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0240", "http://www.securityfocus.com/bid/98203", "http://www.securitytracker.com/id/1038424"], "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "immutableFields": [], "lastseen": "2023-02-08T15:37:18", "viewCount": 42, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-0329", "CPAI-2017-0340", "CPAI-2017-0344"]}, {"type": "cve", "idList": ["CVE-2017-0221", "CVE-2017-0227"]}, {"type": "kaspersky", "idList": ["KLA11002"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0221", "MS:CVE-2017-0227", "MS:CVE-2017-0240"]}, {"type": "nessus", "idList": ["SMB_NT_MS17_MAY_4016871.NASL", "SMB_NT_MS17_MAY_4019472.NASL", "SMB_NT_MS17_MAY_4019473.NASL", "SMB_NT_MS17_MAY_4019474.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811107", "OPENVAS:1361412562310811108", "OPENVAS:1361412562310811110", "OPENVAS:1361412562310811111"]}, {"type": "symantec", "idList": ["SMNTC-98147", "SMNTC-98203", "SMNTC-98281"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B"]}, {"type": "zdi", "idList": ["ZDI-17-328", "ZDI-17-329"]}]}, "score": {"value": 2.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-0340"]}, {"type": "cve", "idList": ["CVE-2017-0221", "CVE-2017-0227"]}, {"type": "kaspersky", "idList": ["KLA11002"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0240"]}, {"type": "nessus", "idList": ["SMB_NT_MS17_MAY_4019472.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811107", "OPENVAS:1361412562310811108", "OPENVAS:1361412562310811110", "OPENVAS:1361412562310811111"]}, {"type": "symantec", "idList": ["SMNTC-98203"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B"]}, {"type": "zdi", "idList": ["ZDI-17-328", "ZDI-17-329"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-0240", "epss": "0.264370000", "percentile": "0.959830000", "modified": "2023-03-14"}], "vulnersScore": 2.7}, "_state": {"dependencies": 1675870663, "score": 1675870655, "affected_software_major_version": 1677268883, "epss": 1678825578}, "_internal": {"score_hash": "53eab1620ca5b329f9e57b2c11fe11c5"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:microsoft:edge:*"], "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "affectedSoftware": [{"cpeName": "microsoft:edge", "version": "*", "operator": "eq", "name": "microsoft edge"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0240", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0240", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/98203", "name": "98203", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.securitytracker.com/id/1038424", "name": "1038424", "refsource": "SECTRACK", "tags": []}], "product_info": [{"vendor": "Microsoft Corporation", "product": "Microsoft Edge"}]}

{"cve": [{"lastseen": "2023-02-08T15:37:16", "description": "A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0221", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-05-23T19:17:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0221", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0221", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T15:37:16", "description": "A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-12T14:29:00", "type": "cve", "title": "CVE-2017-0227", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221", "CVE-2017-0227", "CVE-2017-0240"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-0227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0227", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-03-17T02:35:24", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-09T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0240"], "modified": "2017-05-09T07:00:00", "id": "MS:CVE-2017-0240", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0240", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:24", "description": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nIn a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nThe security update addresses the vulnerability by changing how the scripting engine handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-09T07:00:00", "type": "mscve", "title": "Scripting Engine Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0227"], "modified": "2017-05-09T07:00:00", "id": "MS:CVE-2017-0227", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0227", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-17T02:35:24", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-09T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221"], "modified": "2017-05-09T07:00:00", "id": "MS:CVE-2017-0221", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0221", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2018-03-13T14:30:46", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "symantec", "title": "Microsoft Edge CVE-2017-0240 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-0240"], "modified": "2017-05-09T00:00:00", "id": "SMNTC-98203", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98203", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-13T12:08:07", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "symantec", "title": "Microsoft Edge CVE-2017-0227 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-0227"], "modified": "2017-05-09T00:00:00", "id": "SMNTC-98281", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98281", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:40:16", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "symantec", "title": "Microsoft Edge CVE-2017-0221 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-0221"], "modified": "2017-05-09T00:00:00", "id": "SMNTC-98147", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98147", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:36:01", "description": "A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft scripting engines handle objects in memory. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the rights of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Memory Corruption (CVE-2017-0240)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0240"], "modified": "2017-05-09T00:00:00", "id": "CPAI-2017-0340", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:36:01", "description": "A type confusion memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Memory Corruption (CVE-2017-0227)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0227"], "modified": "2017-05-09T00:00:00", "id": "CPAI-2017-0329", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:35:58", "description": "A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling of objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge allowing arbitrary code execution.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Memory Corruption (CVE-2017-0221)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0221"], "modified": "2017-05-09T00:00:00", "id": "CPAI-2017-0344", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2022-01-31T21:35:17", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AudioBuffer objects. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-10T00:00:00", "type": "zdi", "title": "(Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0240"], "modified": "2017-05-10T00:00:00", "id": "ZDI-17-329", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-329/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:35:18", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AudioBuffer objects. By performing actions in JavaScript an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-10T00:00:00", "type": "zdi", "title": "(Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0240"], "modified": "2017-05-10T00:00:00", "id": "ZDI-17-328", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-328/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T16:07:46", "description": "### *Detect date*:\n05/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, bypass security restrictions.\n\n### *Affected products*:\nInternet Explorer 9 \nInternet Explorer 11 \nInternet Explorer 10 \nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0266](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0266>) \n[CVE-2017-0241](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0241>) \n[CVE-2017-0240](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0240>) \n[CVE-2017-0238](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0238>) \n[CVE-2017-0236](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0236>) \n[CVE-2017-0235](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0235>) \n[CVE-2017-0234](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0234>) \n[CVE-2017-0233](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0233>) \n[CVE-2017-0231](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0231>) \n[CVE-2017-0230](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0230>) \n[CVE-2017-0229](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0229>) \n[CVE-2017-0228](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0228>) \n[CVE-2017-0227](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0227>) \n[CVE-2017-0226](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0226>) \n[CVE-2017-0224](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0224>) \n[CVE-2017-0222](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0222>) \n[CVE-2017-0221](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0221>) \n[CVE-2017-0064](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0064>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0266](<https://vulners.com/cve/CVE-2017-0266>)7.6Critical \n[CVE-2017-0241](<https://vulners.com/cve/CVE-2017-0241>)5.4High \n[CVE-2017-0240](<https://vulners.com/cve/CVE-2017-0240>)7.6Critical \n[CVE-2017-0238](<https://vulners.com/cve/CVE-2017-0238>)7.6Critical \n[CVE-2017-0236](<https://vulners.com/cve/CVE-2017-0236>)7.6Critical \n[CVE-2017-0235](<https://vulners.com/cve/CVE-2017-0235>)7.6Critical \n[CVE-2017-0234](<https://vulners.com/cve/CVE-2017-0234>)7.6Critical \n[CVE-2017-0233](<https://vulners.com/cve/CVE-2017-0233>)5.1High \n[CVE-2017-0231](<https://vulners.com/cve/CVE-2017-0231>)4.3Warning \n[CVE-2017-0230](<https://vulners.com/cve/CVE-2017-0230>)7.6Critical \n[CVE-2017-0229](<https://vulners.com/cve/CVE-2017-0229>)7.6Critical \n[CVE-2017-0228](<https://vulners.com/cve/CVE-2017-0228>)7.6Critical \n[CVE-2017-0227](<https://vulners.com/cve/CVE-2017-0227>)7.6Critical \n[CVE-2017-0226](<https://vulners.com/cve/CVE-2017-0226>)7.6Critical \n[CVE-2017-0224](<https://vulners.com/cve/CVE-2017-0224>)7.6Critical \n[CVE-2017-0222](<https://vulners.com/cve/CVE-2017-0222>)7.6Critical \n[CVE-2017-0221](<https://vulners.com/cve/CVE-2017-0221>)7.6Critical \n[CVE-2017-0064](<https://vulners.com/cve/CVE-2017-0064>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4016871](<http://support.microsoft.com/kb/4016871>) \n[4019474](<http://support.microsoft.com/kb/4019474>) \n[4018271](<http://support.microsoft.com/kb/4018271>) \n[4019215](<http://support.microsoft.com/kb/4019215>) \n[4019264](<http://support.microsoft.com/kb/4019264>) \n[4019216](<http://support.microsoft.com/kb/4019216>) \n[4034668](<http://support.microsoft.com/kb/4034668>) \n[4034733](<http://support.microsoft.com/kb/4034733>) \n[4034674](<http://support.microsoft.com/kb/4034674>) \n[4034681](<http://support.microsoft.com/kb/4034681>) \n[4034658](<http://support.microsoft.com/kb/4034658>) \n[4034660](<http://support.microsoft.com/kb/4034660>) \n[4019473](<http://support.microsoft.com/kb/4019473>) \n[4019472](<http://support.microsoft.com/kb/4019472>)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "kaspersky", "title": "KLA11002 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0266"], "modified": "2020-07-17T00:00:00", "id": "KLA11002", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11002/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:19:39", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019472.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0221", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811107", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019472)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811107\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0171\", \"CVE-2017-0190\",\n \"CVE-2017-0212\", \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0221\",\n \"CVE-2017-0222\", \"CVE-2017-0226\", \"CVE-2017-0227\", \"CVE-2017-0228\",\n \"CVE-2017-0229\", \"CVE-2017-0230\", \"CVE-2017-0231\", \"CVE-2017-0233\",\n \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\", \"CVE-2017-0240\",\n \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\", \"CVE-2017-0258\",\n \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0266\", \"CVE-2017-0267\",\n \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\",\n \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\",\n \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\",\n \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98097, 98298, 98099, 98102, 98103, 98147, 98127,\n 98139, 98281, 98164, 98217, 98222, 98173, 98179, 98229, 98234,\n 98237, 98203, 98208, 98108, 98117, 98112, 98113, 98258, 98276,\n 98259, 98261, 98263, 98264, 98265, 98260, 98274, 98266, 98267,\n 98268, 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:54:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019472)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4019472.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019472\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1197\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1197\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:18", "description": "This host is missing important/critical\n security update according to Microsoft Security update KB4019474.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019474)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811111\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0190\", \"CVE-2017-0212\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0231\",\n \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\",\n \"CVE-2017-0240\", \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\",\n \"CVE-2017-0258\", \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0267\",\n \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\",\n \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\",\n \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\",\n \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98298, 98099, 98102, 98103, 98127, 98139, 98281,\n 98164, 98217, 98173, 98179, 98229, 98234, 98237, 98203, 98208,\n 98108, 98117, 98112, 98113, 98258, 98259, 98261, 98263, 98264,\n 98265, 98260, 98274, 98266, 98267, 98268, 98270, 98271, 98272,\n 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:55:53 +0530 (Wed, 10 May 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019474)\");\n\n script_tag(name:\"summary\", value:\"This host is missing important/critical\n security update according to Microsoft Security update KB4019474.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019474\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_is_less(version:edgeVer, test_version:\"11.0.10240.17394\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: Less than 11.0.10240.17394\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:38", "description": "This host is missing a critical/important\n security update according to Microsoft KB4019473.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4019473)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811110", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4019473)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811110\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0190\", \"CVE-2017-0212\",\n \"CVE-2017-0213\", \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0231\",\n \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0236\", \"CVE-2017-0238\",\n \"CVE-2017-0240\", \"CVE-2017-0241\", \"CVE-2017-0246\", \"CVE-2017-0248\",\n \"CVE-2017-0258\", \"CVE-2017-0259\", \"CVE-2017-0263\", \"CVE-2017-0266\",\n \"CVE-2017-0267\", \"CVE-2017-0268\", \"CVE-2017-0269\", \"CVE-2017-0270\",\n \"CVE-2017-0271\", \"CVE-2017-0272\", \"CVE-2017-0273\", \"CVE-2017-0274\",\n \"CVE-2017-0275\", \"CVE-2017-0276\", \"CVE-2017-0277\", \"CVE-2017-0278\",\n \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98298, 98099, 98102, 98103, 98127, 98139, 98281,\n 98164, 98217, 98173, 98179, 98229, 98234, 98237, 98203, 98208,\n 98108, 98117, 98112, 98113, 98258, 98276, 98259, 98261, 98263,\n 98264, 98265, 98260, 98274, 98266, 98267, 98268, 98270, 98271,\n 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:55:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4019473)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical/important\n security update according to Microsoft KB4019473.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, spoof content, bypass\n certain security restrictions and cause a host machine to crash.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4019473\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.915\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.915\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:21", "description": "This host is missing a critical security\n update according to Microsoft Security update KB4016871.", "cvss3": {}, "published": "2017-05-10T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4016871)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0229", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0248", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0224", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0077", "CVE-2017-0277", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0276", "CVE-2017-0246"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811108", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4016871)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811108\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0064\", \"CVE-2017-0077\", \"CVE-2017-0212\", \"CVE-2017-0213\",\n \"CVE-2017-0214\", \"CVE-2017-0222\", \"CVE-2017-0224\", \"CVE-2017-0226\",\n \"CVE-2017-0227\", \"CVE-2017-0228\", \"CVE-2017-0229\", \"CVE-2017-0230\",\n \"CVE-2017-0231\", \"CVE-2017-0233\", \"CVE-2017-0234\", \"CVE-2017-0235\",\n \"CVE-2017-0236\", \"CVE-2017-0238\", \"CVE-2017-0240\", \"CVE-2017-0241\",\n \"CVE-2017-0246\", \"CVE-2017-0248\", \"CVE-2017-0258\", \"CVE-2017-0259\",\n \"CVE-2017-0263\", \"CVE-2017-0266\", \"CVE-2017-0267\", \"CVE-2017-0268\",\n \"CVE-2017-0269\", \"CVE-2017-0270\", \"CVE-2017-0271\", \"CVE-2017-0272\",\n \"CVE-2017-0273\", \"CVE-2017-0274\", \"CVE-2017-0275\", \"CVE-2017-0276\",\n \"CVE-2017-0277\", \"CVE-2017-0278\", \"CVE-2017-0279\", \"CVE-2017-0280\");\n script_bugtraq_id(98121, 98114, 98099, 98102, 98103, 98127, 98214, 98139, 98281,\n 98164, 98217, 98222, 98173, 98179, 98229, 98230, 98234, 98237,\n 98203, 98208, 98108, 98117, 98112, 98113, 98258, 98276, 98259,\n 98261, 98263, 98264, 98265, 98260, 98274, 98266, 98267, 98268,\n 98270, 98271, 98272, 98273);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-05-10 08:52:53 +0530 (Wed, 10 May 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4016871)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Security update KB4016871.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This monthly rollup,\n\n - Addressed issue with Surface Hub devices waking from sleep approximately\n every four minutes after the first two hours.\n\n - Addressed issue where autochk.exe can randomly skip drive checks and not fix\n corruptions, which may lead to data loss.\n\n - Addressed an issue where Microsoft Edge users in networking environments that\n do not fully support the TCP Fast Open standard may have problems connecting\n to some websites. Users can re-enable TCP Fast Open in about:flags.\n\n - Addressed issues with Arc Touch mouse Bluetooth connectivity.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to obtain information to further compromise the user's system, execute\n arbitrary code in the context of the current user, gain the same user rights as\n the current user, could take control of an affected system, cause a host\n machine to crash, spoof content and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4016871\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-gb/help/4016871\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.295\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.295\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:25:33", "description": "The remote Windows host is missing security update KB4019472. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows DNS server when it's configured to answer version queries. An unauthenticated, remote attacker can exploit this, via a malicious DNS query, to cause the DNS server to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Edge due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0221)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0171", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0221", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019472.NASL", "href": "https://www.tenable.com/plugins/nessus/100059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100059);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0171\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0221\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0230\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98097,\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98147,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98222,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019472\");\n script_xref(name:\"MSFT\", value:\"MS17-4019472\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019472: Windows 10 Version 1607 and Windows Server 2016 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4019472. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - A denial of service vulnerability exists in the Windows\n DNS server when it's configured to answer version\n queries. An unauthenticated, remote attacker can exploit\n this, via a malicious DNS query, to cause the DNS server\n to become nonresponsive. (CVE-2017-0171)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n this, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-0221)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019472/windows-10-update-kb4019472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?038b505a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019472.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n## NB: Microsoft \nbulletin = 'MS17-05';\nkbs = make_list(4019472);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Update only applies to Window 10 1607 / Server 2016\nif (hotfix_check_sp_range(win10:'0') <= 0) \n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10 1607 / Server 2016\n smb_check_rollup(os:\"10\", sp:0, os_build:\"14393\", rollup_date:\"05_2017\", bulletin:bulletin, rollup_kb_list:kbs)\n)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:25:17", "description": "The remote Windows 10 version 1507 host is missing security update KB4019474. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019474.NASL", "href": "https://www.tenable.com/plugins/nessus/100061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100061);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019474\");\n script_xref(name:\"MSFT\", value:\"MS17-4019474\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1507 host is missing security update\nKB4019474. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019474/windows-10-update-kb4019474\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?01ec841b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019474.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4019474' # 10 1507\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1507)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:kbs)\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:55", "description": "The remote Windows 10 version 1511 host is missing security update KB4019473. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the Windows Graphics Device Interface (GDI) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0190", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_MAY_4019473.NASL", "href": "https://www.tenable.com/plugins/nessus/100060", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100060);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0190\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98217,\n 98229,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98298\n );\n script_xref(name:\"MSKB\", value:\"4019473\");\n script_xref(name:\"MSFT\", value:\"MS17-4019473\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1511 host is missing security update\nKB4019473. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics Device Interface (GDI) due to improper\n handling of objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-0190)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4019473/windows-10-update-kb4019473\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4763dd01\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4019473.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkb = make_list(\n '4019473' # 10 1151\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kb, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 10 (1511)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4019473))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:23", "description": "The remote Windows 10 version 1703 host is missing security update KB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0223", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_MAY_4016871.NASL", "href": "https://www.tenable.com/plugins/nessus/100055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100055);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0223\",\n \"CVE-2017-0224\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0230\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0235\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98214,\n 98217,\n 98222,\n 98229,\n 98230,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98452\n );\n script_xref(name:\"MSKB\", value:\"4016871\");\n script_xref(name:\"MSFT\", value:\"MS17-4016871\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1703 host is missing security update\nKB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4016871/windows-10-update-kb4016871\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f546dcfb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4016871.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4016871' # 10 1703 \n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1703)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4016871))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2017-05-18T08:47:17", "description": "\n\nAlthough I\u2019m still dreaming of the sandy beaches of Cancun, it\u2019s time to get back to reality. Security vulnerabilities never take a holiday and this week is no exception. In addition to our normal Digital Vaccine (DV) package delivered earlier this week, we also issued an out-of-band DV package to address zero-day vulnerabilities for Intel Active Management Technology (AMT) ([CVE-2017-5689](<https://nvd.nist.gov/vuln/detail/CVE-2017-5689>)) and Windows Defender ([CVE-2017-0290](<https://nvd.nist.gov/vuln/detail/CVE-2017-0290>)).\n\nThe Intel AMT vulnerability is an escalation of privilege vulnerability that allows an unprivileged attacker to gain control of the manageability features provided by the affected Intel AMT products. The Windows Defender vulnerability is much scarier because allows a remote attacker to take over a system without any interaction from the system owner. Just the mere execution of Windows Defender scanning an email or instant message from an attacker is enough. But don\u2019t worry \u2013 customers using TippingPoint solutions are protected from these vulnerabilities with the following DV filters:\n\n| \n\n * 28214: HTTP: Null response digest\n * 28221: HTTP: Microsoft Malware Protection Engine mpengine Type Confusion Vulnerability \n---|--- \n| \n \n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before May 9, 2017. Microsoft released patches for 55 new CVEs in Internet Explorer, Edge, Office, Windows, and .NET Framework. A total of 14 of these CVEs are rated Critical while the rest are rated Important in severity. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an (*) shipped prior to this DV package, providing zero-day protection for our customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [May 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/5/5/the-may-2017-security-update-review>):\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0064 | | Insufficient Vendor Information \nCVE-2017-0077 | 28112 | \nCVE-2017-0171 | | Insufficient Vendor Information \nCVE-2017-0175 | 28183 | \nCVE-2017-0190 | | Insufficient Vendor Information \nCVE-2017-0212 | | Insufficient Vendor Information \nCVE-2017-0213 | 28184 | \nCVE-2017-0214 | 28189 | \nCVE-2017-0220 | 28198 | \nCVE-2017-0221 | 28114 | \nCVE-2017-0222 | | Insufficient Vendor Information \nCVE-2017-0224 | | Insufficient Vendor Information \nCVE-2017-0226 | | Insufficient Vendor Information \nCVE-2017-0227 | 28130 | \nCVE-2017-0228 | *27538 | \nCVE-2017-0229 | | Insufficient Vendor Information \nCVE-2017-0230 | | Insufficient Vendor Information \nCVE-2017-0231 | | Insufficient Vendor Information \nCVE-2017-0233 | | Insufficient Vendor Information \nCVE-2017-0234 | *27532 | \nCVE-2017-0235 | | Insufficient Vendor Information \nCVE-2017-0236 | *27536 | \nCVE-2017-0238 | *27540 | \nCVE-2017-0240 | *27541, *27542 | \nCVE-2017-0241 | | Insufficient Vendor Information \nCVE-2017-0242 | | Insufficient Vendor Information \nCVE-2017-0243 | 28192 | \nCVE-2017-0244 | | Insufficient Vendor Information \nCVE-2017-0245 | 28185 | \nCVE-2017-0246 | 28111 | \nCVE-2017-0248 | | Insufficient Vendor Information \nCVE-2017-0254 | | Insufficient Vendor Information \nCVE-2017-0255 | | Insufficient Vendor Information \nCVE-2017-0258 | 28199 | \nCVE-2017-0259 | 28200 | \nCVE-2017-0261 | | Insufficient Vendor Information \nCVE-2017-0262 | | Insufficient Vendor Information \nCVE-2017-0263 | 28186 | \nCVE-2017-0264 | | Insufficient Vendor Information \nCVE-2017-0265 | | Insufficient Vendor Information \nCVE-2017-0266 | 28193 | \nCVE-2017-0267 | | Insufficient Vendor Information \nCVE-2017-0268 | | Insufficient Vendor Information \nCVE-2017-0269 | | Insufficient Vendor Information \nCVE-2017-0270 | | Insufficient Vendor Information \nCVE-2017-0271 | | Insufficient Vendor Information \nCVE-2017-0272 | | Insufficient Vendor Information \nCVE-2017-0273 | | Insufficient Vendor Information \nCVE-2017-0274 | | Insufficient Vendor Information \nCVE-2017-0275 | | Insufficient Vendor Information \nCVE-2017-0276 | | Insufficient Vendor Information \nCVE-2017-0277 | | Insufficient Vendor Information \nCVE-2017-0278 | | Insufficient Vendor Information \nCVE-2017-0279 | | Insufficient Vendor Information \nCVE-2017-0280 | | Insufficient Vendor Information \nCVE-2017-0281 | | Insufficient Vendor Information \n \n \n\n**Zero-Day Filters**\n\nThere are 14 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (5)_**\n\n| \n\n * 28094: ZDI-CAN-4564: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28099: ZDI-CAN-4565: Zero Day Initiative Vulnerability (Adobe Flash)\n * 28100: ZDI-CAN-4566: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28101: ZDI-CAN-4567: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28202: ZDI-CAN-4715, 4716: Zero Day Initiative Vulnerability (Adobe Reader DC)**_ _** \n---|--- \n| \n \n**_EMC (6)_**\n\n| \n\n * 28102: ZDI-CAN-4694: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28103: ZDI-CAN-4695: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28104: ZDI-CAN-4696: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28105: ZDI-CAN-4698: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28106: ZDI-CAN-4699: Zero Day Initiative Vulnerability (EMC Data Protection Advisor)\n * 28107: ZDI-CAN-4710: Zero Day Initiative Vulnerability (EMC AppSync)**_ _** \n---|--- \n| \n \n**_NetGain (3)_**\n\n| \n\n * 28108: ZDI-CAN-4749: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28109: ZDI-CAN-4750: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)\n * 28110: ZDI-CAN-4751: Zero Day Initiative Vulnerability (NetGain Enterprise Manager)**_ _** \n---|--- \n| \n \n**Updated Existing Zero-Day Filters**\n\nThis section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its [Disclosure Policy](<http://zerodayinitiative.com/advisories/disclosure_policy/>).\n\nThree of the filters we have for this month\u2019s Microsoft bulletins are a direct result of the Zero Day Initiative\u2019s Pwn2Own contest held in March. These filters have been updated to reflect the fact that the vulnerabilities have been patched:\n\n| \n\n * 27532: HTTP: Microsoft Edge Chakra JIT Array Memory Corruption Vulnerability (Pwn2Own)\n * 27538: HTTP: Microsoft Edge Chakra Array Splice Use-After-Free Vulnerability (Pwn2Own)\n * 27540: HTTP: Microsoft Edge Chakra Array Unshift Buffer Overflow Vulnerability (Pwn2Own)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-1-2017/>).", "cvss3": {}, "published": "2017-05-12T16:47:57", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of May 8, 2017", "type": "trendmicroblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0226", "CVE-2017-0231", "CVE-2017-0244", "CVE-2017-0229", "CVE-2017-0190", "CVE-2017-0280", "CVE-2017-0228", "CVE-2017-0290", "CVE-2017-0248", "CVE-2017-5689", "CVE-2017-0272", "CVE-2017-0279", "CVE-2017-0271", "CVE-2017-0233", "CVE-2017-0270", "CVE-2017-0214", "CVE-2017-0235", "CVE-2017-0240", "CVE-2017-0269", "CVE-2017-0227", "CVE-2017-0259", "CVE-2017-0230", "CVE-2017-0220", "CVE-2017-0224", "CVE-2017-0281", "CVE-2017-0258", "CVE-2017-0274", "CVE-2017-0266", "CVE-2017-0275", "CVE-2017-0064", "CVE-2017-0263", "CVE-2017-0254", "CVE-2017-0238", "CVE-2017-0236", "CVE-2017-0278", "CVE-2017-0267", "CVE-2017-0212", "CVE-2017-0264", "CVE-2017-0077", "CVE-2017-0255", "CVE-2017-0221", "CVE-2017-0243", "CVE-2017-0277", "CVE-2017-0245", "CVE-2017-0273", "CVE-2017-0222", "CVE-2017-0268", "CVE-2017-0241", "CVE-2017-0242", "CVE-2017-0262", "CVE-2017-0213", "CVE-2017-0234", "CVE-2017-0265", "CVE-2017-0276", "CVE-2017-0171", "CVE-2017-0246", "CVE-2017-0261", "CVE-2017-0175"], "modified": "2017-05-12T16:47:57", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-may-8-2017/", "id": "TRENDMICROBLOG:278CA36BE7BE1D87941A99D03E2C3D5B", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}