Source: nessus | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. | File: SMB_NT_MS09-028.NASL
History: Jul 14, 2009 - 12:00 a.m.

MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)

2009-07-14 00:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com

The DirectShow component included with the version of Microsoft DirectX installed on the remote host is affected by multiple vulnerabilities that may allow execution of arbitrary code when processing a specially crafted QuickTime media file.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


# Registration branch: when `description` is set the script only declares its
# metadata and leaves through the exit(0) at the end of this block, so none of
# the check logic further down runs in this mode.
if (description)
{
  script_id(39791);
  script_version("1.25");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  # Identifiers a responder can pivot on: three CVEs, the matching Bugtraq
  # entries, and the vendor bulletin / KB article that carries the fix.
  script_cve_id("CVE-2009-1537", "CVE-2009-1538", "CVE-2009-1539");
  script_bugtraq_id(35139, 35600, 35616);
  script_xref(name:"MSFT", value:"MS09-028");
  script_xref(name:"MSKB", value:"971633");

  script_name(english:"MS09-028: Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)");
  script_summary(english:"Checks version of Quartz.dll");

  script_set_attribute(attribute:"synopsis", value:
"It is possible to execute arbitrary code on the remote Windows host
using DirectX.");
  script_set_attribute(attribute:"description", value:
"The DirectShow component included with the version of Microsoft DirectX
installed on the remote host is affected by multiple vulnerabilities
that may allow execution of arbitrary code when processing a specially
crafted QuickTime media file.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-028");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for DirectX 7.0, 8.0 and
9.0.");
  # CVSS v2 base vector: network attack vector, medium access complexity, no
  # authentication, complete impact on confidentiality, integrity and
  # availability. AC:M presumably reflects that a crafted media file has to be
  # processed on the host, as the description states.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # Temporal vector: E:H (high exploitability), RL:OF (official fix exists),
  # RC:C (report confirmed).
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  # Triage signals: exploits are recorded as available in commercial
  # frameworks and as used by malware, so a positive finding from this plugin
  # should be prioritised for patching rather than treated as theoretical.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  # CWE-20 (improper input validation) and CWE-94 (code injection).
  script_cwe_id(20, 94);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/14");

  # "local": the verdict comes from data read from the host itself (file
  # versions or patch-management data, see the check below the includes), so
  # the scan needs working access to the host to produce a result.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:directx");
  script_end_attributes();

  # Declared as an information-gathering check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  # Scheduling constraints: the two listed plugins are declared as
  # dependencies, the "Possible" KB key must be present, and the listed SMB
  # ports / patch-management key are declared as requirements.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");


# Stop immediately unless the knowledge base records that bulletin checks are
# possible for this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Bulletin and KB identifiers, passed to every helper call below so that the
# report and the "SMB/Missing/..." key refer to the same fix.
bulletin = 'MS09-028';
kb = "971633";

kbs = make_list(kb);
# When patch-management data is available for the host, the bulletin/KB pair
# is handed to hotfix_check_3rd_party() with severity SECURITY_HOLE.
# NOTE(review): whether that helper returns or ends the script is not visible
# here; if it returns, the file-version check below still runs - confirm.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


# Preconditions for the file-version check. Each of them ends the script with
# its own audit/exit reason, so a host that could not be inspected is reported
# differently from a host that was inspected and found patched. When reviewing
# scan results, treat these early exits as "not assessed", not as "clean".
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Only the OS / service-pack combinations named here are in scope
# (win2k '4,5', xp '2,3', win2003 '2'); anything else audits out.
if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
# No DirectX version recorded from the registry -> audited as not installed.
if (!get_kb_item("SMB/Registry/HKLM/SOFTWARE/Microsoft/DirectX/Version")) audit(AUDIT_NOT_INST, "DirectX");


# Resolve the system root and the share that exposes it; the version check
# further down looks for Quartz.dll under \System32 relative to this root.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# An inaccessible share ends the script with AUDIT_SHARE_FAIL. That outcome
# means the file could not be read, so it gives no evidence either way about
# the patch state.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Version table: one hotfix_is_vulnerable() row per OS version / service pack /
# architecture, each naming Quartz.dll in \System32 and a reference version.
# Presumably a row matches when the installed file is older than `version`
# (and, where given, at least `min_version`) - the helper is defined in the
# included hotfix library, so confirm there. The rows are joined with ||, so
# evaluation stops at the first row that matches.
if (
  # Windows 2003 (NT 5.2) SP2, no architecture restriction
  hotfix_is_vulnerable(os:"5.2", sp:2,             file:"Quartz.dll", version:"6.5.3790.4523", dir:"\System32", bulletin:bulletin, kb:kb) ||

  # Windows XP SP3 and SP2
  # NOTE(review): the x64 row is keyed on os:"5.1" while carrying the same
  # 6.5.3790.x version as the 5.2 row above; XP x64 reports itself as NT 5.2,
  # so this row may never match and x64 hosts are likely covered by the 5.2
  # row instead - confirm against the helper's matching rules.
  hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Quartz.dll", version:"6.5.2600.5822", dir:"\System32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x64", file:"Quartz.dll", version:"6.5.3790.4523", dir:"\System32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, arch:"x86", file:"Quartz.dll", version:"6.5.2600.3580", dir:"\System32", bulletin:bulletin, kb:kb) ||

  # Windows 2000: three rows for the 6.5.x, 6.3.x and 6.1.x file branches.
  # min_version keeps the two newer rows from matching files of an older
  # branch; presumably the branches correspond to the DirectX 9.0 / 8.0 / 7.0
  # releases named in the solution text - TODO confirm.
  hotfix_is_vulnerable(os:"5.0",                   file:"Quartz.dll", version:"6.5.1.911", min_version:"6.5.0.0", dir:"\System32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",                   file:"Quartz.dll", version:"6.3.1.893", min_version:"6.3.0.0", dir:"\System32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",                   file:"Quartz.dll", version:"6.1.9.736",                        dir:"\System32", bulletin:bulletin, kb:kb)
)
{
  # Record the missing bulletin in the knowledge base (key
  # "SMB/Missing/MS09-028") and raise the finding, then run the helper's
  # end-of-check routine before exiting.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # No row matched: run the same end-of-check routine and audit the host as
  # not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| microsoft | windows | | cpe:/o:microsoft:windows |
| microsoft | directx | | cpe:/a:microsoft:directx |