4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.1%
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is installed on the remote system and is 3.x newer than or equal to 3.5 or 4.x prior to 4.0.4913.26122. It is, therefore, potentially affected by a security bypass vulnerability.
The application stores function addresses in a predictable way that could aid an attacker in bypassing Address Space Layout Randomization (ASLR) protections.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(71176);
script_version("1.4");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_cve_id("CVE-2013-6791");
script_bugtraq_id(64022);
script_name(english:"Microsoft EMET 3.x >= 3.5 / 4.x < 4.0.4913.26122 ASLR Security Bypass");
script_summary(english:"Checks Microsoft EMET version.");
script_set_attribute(attribute:"synopsis", value:
"A tool for mitigating security vulnerabilities is potentially affected
by a security bypass vulnerability.");
script_set_attribute(attribute:"description", value:
"Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is installed
on the remote system and is 3.x newer than or equal to 3.5 or 4.x prior
to 4.0.4913.26122. It is, therefore, potentially affected by a security
bypass vulnerability.
The application stores function addresses in a predictable way that
could aid an attacker in bypassing Address Space Layout Randomization
(ASLR) protections.");
# https://blogs.technet.microsoft.com/srd/2013/06/17/emet-4-0-now-available-for-download/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f42bd53d");
script_set_attribute(attribute:"solution", value:
"Upgrade to EMET 4.0.4913.26122 or later. A possible temporary
mitigation step is to disable EMET.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:enhanced_mitigation_experience_toolkit");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/17");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("microsoft_emet_installed.nasl");
script_require_keys("SMB/Microsoft/EMET/Path");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");
path = get_kb_item_or_exit("SMB/Microsoft/EMET/Path");
version = get_kb_item_or_exit("SMB/Microsoft/EMET/Version");
# Affected
# 3.5 or greater 3.x
# 4.x < 4.0.4913.26122 (proper release)
if (
ver_compare(ver:version, fix:'3.5', strict:FALSE) >= 0 &&
ver_compare(ver:version, fix:'4.0.4913.26122', strict:FALSE) < 0
)
{
port = kb_smb_transport();
if (!port) port = 445;
if(report_verbosity > 0)
{
report =
'\n' +
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : 4.0.4913.26122' +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "EMET", version, path);
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | enhanced_mitigation_experience_toolkit | cpe:/a:microsoft:enhanced_mitigation_experience_toolkit |