Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.SMB_NT_MS09-002.NASL
HistoryFeb 11, 2009 - 12:00 a.m.

MS09-002: Cumulative Security Update for Internet Explorer (961260)

2009-02-1100:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
24
JSON

The remote host is missing IE Security Update 961260.

The remote version of IE is affected by two memory corruption vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(35630);
  script_version("1.32");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  script_cve_id("CVE-2009-0075", "CVE-2009-0076");
  script_bugtraq_id(33627, 33628);
  script_xref(name:"MSFT", value:"MS09-002");
  script_xref(name:"MSKB", value:"961260");
  script_xref(name:"EDB-ID", value:"8077");
  script_xref(name:"EDB-ID", value:"16555");

  script_name(english:"MS09-002: Cumulative Security Update for Internet Explorer (961260)");
  script_summary(english:"Determines the presence of update 961260");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing IE Security Update 961260.

The remote version of IE is affected by two memory corruption
vulnerabilities that may allow an attacker to execute arbitrary code on
the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-002");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-09-011/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-09-012/");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista and
2008.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS09-002';
kb = "961260";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'2,3', win2003:'1,2', vista:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Vista / Windows 2008
  hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.22352", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.18259", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.22355", min_version:"7.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.18203", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.20996", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.16809", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"8.0.6001.22352", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"8.0.6001.18259", min_version:"8.0.6001.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.20996", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.16809", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP
  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"8.0.6001.22352", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"8.0.6001.18259", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"7.0.6000.20996", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"7.0.6000.16809", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftiecpe:/a:microsoft:ie

Related

mskb 1
openvas 2
securityvulns 4
prion 3
seebug 2
checkpoint_advisories 5
cve 3
zdi 2
saint 4
packetstorm 1
canvas 1
mskb
mskb
MS09-002: Cumulative security update for Internet Explorer
2018-04-17 18:59:42
openvas
openvas
Cumulative Security Update for Internet Explorer (961260)
2009-02-11 00:00:00
Cumulative Security Update for Internet Explorer (961260)
2009-02-11 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2009-02-11 00:00:00
Microsoft Security Bulletin MS09-002 - Critical Cumulative Security Update for Internet Explorer &#40;961260&#41;
2009-02-11 00:00:00
ZDI-09-012: Microsoft Internet Explorer Malformed CSS Memory Corruption
2009-02-11 00:00:00
prion
prion
Memory corruption
2009-02-10 22:30:00
Memory corruption
2009-02-10 22:30:00
Design/Logic Flaw
2010-03-29 19:30:00
seebug
seebug
Microsoft IE畸形CSS处理内存破坏漏洞(MS09-002)
2009-02-13 00:00:00
Microsoft IE CFunctionPointer函数内存破坏漏洞(MS09-002)
2009-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer CSS Memory Corruption (MS09-002; CVE-2009-0076)
2009-02-10 00:00:00
Internet Explorer CSS Memory Corruption (MS09-002) - Ver2 (CVE-2009-0076)
2014-12-28 00:00:00
Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2009-0075)
2020-09-09 00:00:00
cve
cve
CVE-2009-0076
2009-02-10 22:30:00
CVE-2009-0075
2009-02-10 22:30:00
CVE-2010-1176
2010-03-29 19:30:00
zdi
zdi
Microsoft Internet Explorer Malformed CSS Memory Corruption Vulnerability
2009-02-10 00:00:00
Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
2009-02-10 00:00:00
saint
saint
Internet Explorer deleted object memory corruption
2009-02-23 00:00:00
Internet Explorer deleted object memory corruption
2009-02-23 00:00:00
Internet Explorer deleted object memory corruption
2009-02-23 00:00:00
packetstorm
packetstorm
Internet Explorer 7 Uninitialized Memory Corruption Vulnerability
2009-11-26 00:00:00
canvas
canvas
Immunity Canvas: MS09_002
2009-02-10 22:30:00
JSON
Related for SMB_NT_MS09-002.NASL
mskb1openvas2securityvulns4prion3seebug2checkpoint_advisories5cve3zdi2saint4packetstorm1canvas1