Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.SMB_NT_MS04-012.NASL
HistoryApr 13, 2004 - 12:00 a.m.

MS04-012: Microsoft Hotfix (credentialed check) (828741)

2004-04-1300:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
85
JSON

The remote host has multiple bugs in its RPC/DCOM implementation (828741).

An attacker could exploit one of these flaws to execute arbitrary code on the remote system.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(12206);
 script_version("1.45");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id(
   "CVE-2003-0813",
   "CVE-2004-0116",
   "CVE-2003-0807",
   "CVE-2004-0124"
 );
 script_bugtraq_id(10121, 10123, 10127, 8811);
 script_xref(name:"CERT", value:"547820");
 script_xref(name:"CERT", value:"698564");
 script_xref(name:"CERT", value:"212892");
 script_xref(name:"MSFT", value:"MS04-012");
 script_xref(name:"MSKB", value:"828741");

 script_name(english:"MS04-012: Microsoft Hotfix (credentialed check) (828741)");
 script_summary(english:"Checks for ms04-012");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host has multiple bugs in its RPC/DCOM implementation
(828741).

An attacker could exploit one of these flaws to execute arbitrary code
on the remote system.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2004/ms04-012");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/10");
 script_set_attribute(attribute:"patch_publication_date", value:"2004/04/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2004/04/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS04-012';
kb = '828741';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(nt:'6', win2k:'2,4', xp:'0,1', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"Rpcrt4.dll", version:"5.2.3790.137", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Rpcrt4.dll", version:"5.1.2600.1361", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Rpcrt4.dll", version:"5.1.2600.135", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Rpcrt4.dll", version:"5.0.2195.6904", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Rpcrt4.dll", version:"4.0.1381.7230", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"Rpcrt4.dll", version:"4.0.1381.33551", min_version:"4.0.1381.33000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

nessus 1
securityvulns 2
cert 4
cve 5
checkpoint_advisories 1
nessus
nessus
MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741) (uncredentialed check)
2007-03-16 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS04-012
2004-04-14 00:00:00
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products
2004-04-14 00:00:00
cert
cert
Microsoft Windows DCOM/RPC vulnerability
2003-10-14 00:00:00
Microsoft CIS and RPC over HTTP Proxy components fail to properly handle responses
2004-04-14 00:00:00
Microsoft Windows creates COM object identifiers incorrectly
2004-04-14 00:00:00
cve
cve
CVE-2004-0124
2004-06-01 04:00:00
CVE-2003-0807
2004-06-01 04:00:00
CVE-2004-0116
2004-06-01 04:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft RPCSS Denial of Service RPCSYSAC badUNClen - Ver2 (CVE-2004-0116)
2015-03-26 00:00:00
JSON
Related for SMB_NT_MS04-012.NASL
nessus1securityvulns2cert4cve5checkpoint_advisories1