Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.SMB_NT_MS03-041.NASL
HistoryOct 15, 2003 - 12:00 a.m.

MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

2003-10-1500:00:00
This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
www.tenable.com
14
JSON

The remote host contains a version of the Authenticode Verification module that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page.

An attacker may also be able to exploit the vulnerability by sending a malicious HTML email.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(11886);
 script_version("1.41");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2003-0660");
 script_bugtraq_id(8830);
 script_xref(name:"MSFT", value:"MS03-041");
 script_xref(name:"CERT", value:"838572");
 script_xref(name:"MSKB", value:"823182");

 script_name(english:"MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)");
 script_summary(english:"Checks for hotfix Q823182");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Authenticode Verification
module that could allow an attacker to execute arbitrary code on the
remote host by constructing a malicious web page and entice a victim to
visit this web page.

An attacker may also be able to exploit the vulnerability by sending a
malicious HTML email.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-041");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/15");
 script_set_attribute(attribute:"patch_publication_date", value:"2003/10/15");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/10/15");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS03-041';
kb = '823182';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(nt:'6', win2k:'2,4', xp:'0,1', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Cryptui.dll", version:"5.131.3790.67", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Cryptui.dll", version:"5.131.2600.1243", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Cryptui.dll", version:"5.131.2600.117", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Cryptui.dll", version:"5.131.2195.6758", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Cryptui.dll", version:"5.131.1878.14", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

cert 1
openvas 2
cve 1
securityvulns 1
cert
cert
Microsoft Authenticode mechanism installs ActiveX controls without prompting user
2003-10-16 00:00:00
openvas
openvas
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
2005-11-03 00:00:00
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
2005-11-03 00:00:00
cve
cve
CVE-2003-0660
2003-11-17 05:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS03-041
2003-10-16 00:00:00
JSON
Related for SMB_NT_MS03-041.NASL
cert1openvas2cve1securityvulns1