Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2022 Tenable Network Security, Inc.SMB_KB954593.NASL
HistoryJan 24, 2018 - 12:00 a.m.

MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)

2018-01-2400:00:00
This script is Copyright (C) 2018-2022 Tenable Network Security, Inc.
www.tenable.com
33
JSON

The remote host is running a version of Windows that has multiple buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and BMP files that could allow an attacker to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to send a malformed image file to a user on the remote host and wait for the user to open it using an affected Microsoft application.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(106298);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2007-5348",
    "CVE-2008-3012",
    "CVE-2008-3013",
    "CVE-2008-3014",
    "CVE-2008-3015"
  );
  script_bugtraq_id(
    31018,
    31019,
    31020,
    31021,
    31022
  );
  script_xref(name:"MSFT", value:"MS08-052");
  script_xref(name:"MSKB", value:"938464");
  script_xref(name:"MSKB", value:"954326");
  script_xref(name:"MSKB", value:"954478");
  script_xref(name:"MSKB", value:"954479");
  script_xref(name:"MSKB", value:"954606");

  script_name(english:"MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (uncredentialed check)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple arbitrary execution flaws.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Windows that has multiple
buffer overflow vulnerabilities when viewing VML, EMF, GIF, WMF and
BMP files that could allow an attacker to execute arbitrary code on
the remote host.

To exploit these flaws, an attacker would need to send a malformed
image file to a user on the remote host and wait for the user to
open it using an affected Microsoft application.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-052");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for SQL Server 2000 and
2005.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(119, 189, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2022 Tenable Network Security, Inc.");

  script_dependencies("mssqlserver_detect.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports(1433, "Services/mssql");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

port = get_service(svc:"mssql", exit_on_fail:TRUE);

ver = get_kb_item("MSSQL/" + port + "/Version");
if (!ver) audit(AUDIT_SERVICE_VER_FAIL,"MSSQL", port);

v = split(ver, sep:".", keep:FALSE);
for (i=0; i < max_index(v); i++)
  v[i] = int(v[i]);

if (report_paranoia < 2) audit(AUDIT_PARANOID);
pcidss = get_kb_item("Settings/PCI_DSS");

vuln = 0;

if (pcidss && (v[0] == 8 && v[1] == 0 && v[2] < 534)) # 2000 < SP2
{
  vuln++;
  fix = "8.0.1062";
}
else if (v[0] == 8 && v[1] == 0 && (v[2] >= 1038 && v[2] < 1062))  # 2000 SP2
{
  vuln++;
  fix = "8.0.1062";
}
else if (pcidss && (v[0] == 9 && v[1] == 0 && v[2] < 3042)) # 2005 < SP2 
{
  vuln++;
  fix = "9.0.3072";
}
else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3000 && v[2] < 3072)) # 2005 SP2 GDR
{
  vuln++;
  fix = "9.0.3072";
}
else if (v[0] == 9 && v[1] == 0 && (v[2] >= 3200 && v[2] < 3281))
{
  vuln++;
  fix = "9.0.3281";
}
if(vuln > 0)
{
  report = '\n  Installed Version : ' + ver;
  report +='\n  Fixed Version     : ' + fix +'\n';
  security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);
}
else 
  audit(AUDIT_INST_VER_NOT_VULN, "MSSQL", ver);
VendorProductVersionCPE
microsoftsql_servercpe:/a:microsoft:sql_server

Related

securityvulns 7
openvas 2
nessus 1
mskb 1
checkpoint_advisories 9
cve 5
prion 5
seebug 5
zdi 2
securityvulns
securityvulns
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution &#40;954593&#41;
2008-09-10 00:00:00
Microsoft Windows GDI library multiple security vulnerabilities
2008-09-10 00:00:00
iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
2008-09-10 00:00:00
openvas
openvas
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
2011-01-18 00:00:00
nessus
nessus
MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
2008-09-10 00:00:00
mskb
mskb
KB954593 - MS08-052: Vulnerabilities in GDI+ could allow remote code execution
2020-10-20 07:12:22
checkpoint_advisories
checkpoint_advisories
Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052) - Ver2 (CVE-2008-3014)
2015-05-18 00:00:00
Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052; CVE-2008-3014)
2008-09-09 00:00:00
Microsoft Windows GDI+ GIF Parsing Buffer Overflow (MS08-052; CVE-2008-3013)
2008-09-02 00:00:00
cve
cve
CVE-2008-3014
2008-09-11 01:11:00
CVE-2008-3015
2008-09-11 01:11:00
CVE-2008-3013
2008-09-11 01:11:00
prion
prion
Buffer overflow
2008-09-11 01:11:00
Integer overflow
2008-09-11 01:01:00
Code injection
2008-09-11 01:11:00
seebug
seebug
Microsoft GDI+ WMF文件远程代码执行漏洞(MS08-052)
2008-09-11 00:00:00
Microsoft GDI+ VML基于堆的缓冲区溢出漏洞(MS08-052)
2008-09-11 00:00:00
Microsoft GDI+ GIF文件远程代码执行漏洞(MS08-052)
2008-09-11 00:00:00
zdi
zdi
Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
2008-09-09 00:00:00
Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
2008-09-09 00:00:00
JSON
Related for SMB_KB954593.NASL
securityvulns7openvas2nessus1mskb1checkpoint_advisories9cve5prion5seebug5zdi2