Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.SMB_NT_MS07-067.NASL
HistoryDec 11, 2007 - 12:00 a.m.

MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

2007-12-1100:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

Macrovision SafeDisc, a copy-protection application for Microsoft Windows, is installed on the remote host.

The ‘SECDRV.SYS’ driver included with the version of SafeDisc currently installed on the remote host enables a local user to gain SYSTEM privileges using a specially crafted argument to the METHOD_NEITHER IOCTL.

#
# Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(29311);
 script_version("1.28");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2007-5587");
 script_bugtraq_id(26121);
 script_xref(name:"MSFT", value:"MS07-067");
 script_xref(name:"MSKB", value:"944653");
 
 script_xref(name:"EDB-ID", value:"30680");

 script_name(english:"MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)");
 script_summary(english:"Determines the presence of update 944653");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a kernel driver that is prone to a
local privilege escalation attack.");
 script_set_attribute(attribute:"description", value:
"Macrovision SafeDisc, a copy-protection application for Microsoft
Windows, is installed on the remote host.

The 'SECDRV.SYS' driver included with the version of SafeDisc currently
installed on the remote host enables a local user to gain SYSTEM
privileges using a specially crafted argument to the METHOD_NEITHER
IOCTL.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-067");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP and 2003.");
 script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(119,264);

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/17");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "macrovision_secdrv_priv_escalation.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-067';
kb = "944653";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'2', win2003:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

vuln = 0;
if (hotfix_check_sp_range(xp:'2') > 0)
{
  if (get_kb_item("Host/SMB/secdrv/CVE-2007-5587"))
  {
    vuln++;
    hotfix_add_report(bulletin:bulletin, kb:kb);
  }
}
else if (hotfix_check_sp_range(win2003:'1,2') > 0)
{
  if (hotfix_is_vulnerable(os:"5.2", file:"secdrv.sys", version:"4.3.86.0", dir:"\system32\drivers", bulletin:bulletin, kb:kb)) vuln++;
  hotfix_check_fversion_end();
}

if (vuln)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 2
prion 2
nessus 1
canvas 1
cve 2
kaspersky 1
cvelist 1
securityvulns
securityvulns
Microsoft Security Bulletin MS07-067 – Important Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege &#40;944653&#41;
2007-12-12 00:00:00
Microsoft Windows SafeDisk driver buffer overflow
2007-12-12 00:00:00
prion
prion
Buffer overflow
2007-10-19 21:17:00
Design/Logic Flaw
2007-10-19 21:17:00
nessus
nessus
Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow
2007-11-13 00:00:00
canvas
canvas
Immunity Canvas: MS07_067
2007-10-19 21:17:00
cve
cve
CVE-2007-5587
2007-10-19 21:17:00
CVE-2007-5586
2007-10-19 21:17:00
kaspersky
kaspersky
KLA10257 Vulnerability in Macrovision SafeDisc
2007-10-19 00:00:00
cvelist
cvelist
CVE-2007-5587
2007-10-19 21:00:00
JSON
Related for SMB_NT_MS07-067.NASL
securityvulns2prion2nessus1canvas1cve2kaspersky1cvelist1