Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.SMB_NT_MS07-043.NASL
HistoryAug 14, 2007 - 12:00 a.m.

MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

2007-08-1400:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The remote host contains a version of Microsoft Windows that is affected by a vulnerability in the OLE Automation component that could be abused by an attacker to execute arbitrary code on the remote host.

An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a web site or view a specially crafted email message.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25881);
 script_version("1.32");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2007-2224");
 script_bugtraq_id(25282);
 script_xref(name:"MSFT", value:"MS07-043");
 script_xref(name:"MSKB", value:"921503");
 

 script_name(english:"MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)");
 script_summary(english:"Determines the presence of update 921503");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web or
email client.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Windows that is
affected by a vulnerability in the OLE Automation component that could
be abused by an attacker to execute arbitrary code on the remote host.

An attacker may be able to execute arbitrary code on the remote host by
constructing a malicious script and enticing a victim to visit a web
site or view a specially crafted email message.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-043");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(119,189);

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/14");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/08/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/14");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_basic");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-043';
kb = '921503';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Oleaut32.dll", version:"5.2.3790.4098", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Oleaut32.dll", version:"5.2.3790.2955", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Oleaut32.dll", version:"5.1.2600.3139", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Oleaut32.dll", version:"2.40.4531.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftvisual_basiccpe:/a:microsoft:visual_basic

Related

prion 1
securityvulns 4
checkpoint_advisories 1
cve 1
nessus 1
prion
prion
Integer overflow
2007-08-14 21:17:00
securityvulns
securityvulns
Microsoft Windows OLE Automation memory corruption
2007-08-15 00:00:00
Microsoft Security Bulletin MS07-043 - Critical Vulnerability in OLE Automation Could Allow Remote Code Execution &#40;921503&#41;
2007-08-14 00:00:00
[Full-disclosure] ZDI-07-048: Microsoft Internet Explorer substringData&#40;&#41; Heap Overflow Vulnerability
2007-08-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft OLE Automation String Manipulation Heap Overflow (MS07-043; CVE-2007-2224)
2010-02-08 00:00:00
cve
cve
CVE-2007-2224
2007-08-14 21:17:00
nessus
nessus
MS07-043 / MS07-044: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (921503 / 940965) (Mac OS X)
2010-10-20 00:00:00
JSON
Related for SMB_NT_MS07-043.NASL
prion1securityvulns4checkpoint_advisories1cve1nessus1