Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.SMB_NT_MS07-010.NASL
HistoryFeb 13, 2007 - 12:00 a.m.

MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)

2007-02-1300:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
85
JSON

The remote host is running a version of Windows Malware Protection engine that is vulnerable to a bug in the PDF file handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted file.

#
# Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(24334);
 script_version("1.29");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2006-5270");
 script_bugtraq_id(22479);
 script_xref(name:"MSFT", value:"MS07-010");
 script_xref(name:"MSKB", value:"932135");
 
 script_xref(name:"CERT", value:"511577");

 script_name(english:"MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)");
 script_summary(english:"Determines the version of Malware Protection Engine");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the
AntiMalware program.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Windows Malware Protection
engine that is vulnerable to a bug in the PDF file handling routine
that could allow an attacker execute arbitrary code on the remote host
by sending a specially crafted file.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-010");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Defender and Live
OneCare.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/13");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/02/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:antigen");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:forefront_security");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:malware_protection_engine");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_defender");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:windows_live_onecare");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");


include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-010';
kbs = make_list("932135");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


login	=  kb_smb_login();
pass  	=  kb_smb_password();
domain 	=  kb_smb_domain();
port    =  kb_smb_transport();

if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init");

r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (r != 1)
{
  NetUseDel();
  audit(AUDIT_SHARE_FAIL,"IPC$");
}

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  audit(AUDIT_REG_FAIL);
}

keys = make_list (
	"SOFTWARE\Microsoft\Windows Defender\Signature Updates",
	"SOFTWARE\Microsoft\OneCare Protection\Signature Updates"
	);

foreach key (keys)
{
 value = NULL;
 item = "EngineVersion";
 key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
 if (!isnull(key_h))
 {
  value = RegQueryValue(handle:key_h, item:item);
  RegCloseKey(handle:key_h);
 }

 if (!isnull(value))
 {
  v = split(value[1], sep:".", keep:FALSE);

  if ( ( (int(v[0]) == 1) && (int(v[1]) < 1) ) ||
       ( (int(v[0]) == 1) && (int(v[1]) == 1) && (int(v[2]) < 2101) ) )
  {
 {
 set_kb_item(name:"SMB/Missing/MS07-010", value:TRUE);
 info =
   '\n  Installed version : ' + value[1] +
   '\n  Fixed version : 1.1.2101.0\n';
 hotfix_add_report(info, bulletin:"MS07-010", kb:"932135");
 hotfix_security_hole();
 }
   break;
  }
 }
}


RegCloseKey(handle:hklm);
NetUseDel();
VendorProductVersionCPE
microsoftantigencpe:/a:microsoft:antigen
microsoftforefront_securitycpe:/a:microsoft:forefront_security
microsoftmalware_protection_enginecpe:/a:microsoft:malware_protection_engine
microsoftwindows_defendercpe:/a:microsoft:windows_defender
microsoftwindows_live_onecarecpe:/a:microsoft:windows_live_onecare

Related

securityvulns 2
cert 1
cve 1
securityvulns
securityvulns
Microsoft Malware Protection integer overflow
2007-02-13 00:00:00
Microsoft Security Bulletin MS07-010 Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution &#40;932135&#41;
2007-02-13 00:00:00
cert
cert
Microsoft Malware Protection Engine fails to properly process a specially crafted PDF File
2007-02-20 00:00:00
cve
cve
CVE-2006-5270
2007-02-13 20:28:00
JSON
Related for SMB_NT_MS07-010.NASL
securityvulns2cert1cve1