9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
30.0%
The remote host is using Sun Microsystems’s Java Media Framework (JMF).
There is a bug in the version installed that may allow an untrusted applet to crash the Java Virtual Machine it is being run on, or even to gain unauthorized privileges.
An attacker could exploit this flaw to execute arbitrary code on this host. To exploit this flaw, the attacker would need to trick a user into running a malicious Java applet.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(11635);
script_version("1.15");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_cve_id("CVE-2003-1572");
script_bugtraq_id(7612);
script_xref(name:"Secunia", value:"8792");
script_name(english:"Sun Java Media Framework (JMF) Arbitrary Code Execution");
script_summary(english:"Determines the presence of JMF");
script_set_attribute(attribute:"synopsis", value:
"A framework installed on the remote Windows host has a code execution
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is using Sun Microsystems's Java Media Framework
(JMF).
There is a bug in the version installed that may allow an untrusted
applet to crash the Java Virtual Machine it is being run on, or even
to gain unauthorized privileges.
An attacker could exploit this flaw to execute arbitrary code on this
host. To exploit this flaw, the attacker would need to trick a user
into running a malicious Java applet.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Jun/219");
script_set_attribute(
attribute:"see_also",
value:"https://download.oracle.com/sunalerts/1000986.1.html"
);
script_set_attribute(attribute:"solution", value:"Upgrade to JMF 2.1.1e or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/05/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("audit.inc");
if ( ! get_kb_item("SMB/Registry/Enumerated") ) exit(1);
port = kb_smb_transport();
if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');
r = NetUseAdd(login:kb_smb_login(), password:kb_smb_password(), domain:kb_smb_domain(), share:"IPC$");
if ( r != 1 ) exit(1);
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
NetUseDel();
exit(1);
}
key_h = RegOpenKey(handle:hklm, key:"SOFTWARE\Sun Microsystems, Inc.\JMF", mode:MAXIMUM_ALLOWED);
if ( isnull(key_h) )
{
RegCloseKey(handle:hklm);
NetUseDel();
exit(0);
}
item = RegQueryValue(handle:key_h, item:"LatestVersion");
RegCloseKey(handle:key_h);
RegCloseKey(handle:hklm);
NetUseDel();
if ( isnull(item) ) exit(1);
if(ereg(pattern:"^([0-1]\.|2\.0|2\.1\.0|2\.1\.1($|[a-d]))$", string:item[1]))security_hole(port);