Lucene search
This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS09-074.NASLHistoryDec 08, 2009 - 12:00 a.m.
MS09-074: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
2009-12-0800:00:00
This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
The remote host contains a version of Microsoft Project that has a vulnerability in the way it validates memory that could be used by an attacker to execute arbitrary code on the remote host.
To exploit this vulnerability, an attacker would need to spend a specially crafted Project document to a user on the remote host and lure him into opening it.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(43066);
script_version("1.23");
script_cvs_date("Date: 2018/11/15 20:50:30");
script_cve_id("CVE-2009-0102");
script_bugtraq_id(37211);
script_xref(name:"MSFT", value:"MS09-074");
script_xref(name:"MSKB", value:"961082");
script_xref(name:"MSKB", value:"961083");
script_xref(name:"MSKB", value:"961079");
script_name(english:"MS09-074: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)");
script_summary(english:"Determines the presence of update 967183");
script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through Microsoft
Project.");
script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Project that has a
vulnerability in the way it validates memory that could be used by an
attacker to execute arbitrary code on the remote host.
To exploit this vulnerability, an attacker would need to spend a
specially crafted Project document to a user on the remote host and
lure him into opening it.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-074");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft Project 2000,
2002 and 2003.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(399);
script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/08");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_project");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:project");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Windows : Microsoft Bulletins");
script_dependencies("smb_hotfixes.nasl", "smb_nt_ms02-031.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports("SMB/Office/Project/Version", "Host/patch_management_checks");
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("smb_hotfixes.inc");
include("audit.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS09-074';
kbs = make_list("961082", "961083", "961079");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
vers9 = make_list(9, 0,2009, 1022);
vers10 = make_list(10,0,2108,2216);
vers11 = make_list(11,3,2009,1108);
vuln = 0;
installs = get_kb_list_or_exit("SMB/Office/Project/*/ProductPath");
foreach install (keys(installs))
{
version = install - 'SMB/Office/Project/' - '/ProductPath';
path = installs[install];
vers = split(version, sep:'.', keep:FALSE);
for (i=0; i < max_index(vers); i++) vers[i] = int(vers[i]);
kb = '';
if ( vers[0] == 9 )
{
ref = vers9;
kb = '961083';
}
else if ( vers[0] == 10 )
{
ref = vers10;
kb = '961079';
}
else if ( vers[0] == 11 )
{
ref = vers11;
kb = '961082';
}
if (kb)
{
for (i=0; i < max_index(vers); i++)
{
if (vers[i] < ref[i])
{
vuln++;
info =
'\n Path : ' + path +
'\n Installed version : ' + str +
'\n Fixed version : ' + join(ref, sep:'.') + '\n';
hotfix_add_report(info, bulletin:bulletin, kb:kb);
}
else if (vers[i] > ref[i]) break;
}
}
}
if (vuln)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | office_project | cpe:/a:microsoft:office_project | |
| microsoft | project | cpe:/a:microsoft:project |
Related
openvas
openvas
Microsoft Office Project Remote Code Execution Vulnerability (967183)
2009-12-14 00:00:00
Microsoft Office Project Remote Code Execution Vulnerability (967183)
2009-12-14 00:00:00
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
Microsoft Security Bulletin MS09-074 - Critical Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
2009-12-09 00:00:00
Fortinet Advisory: Fortinet Discovers Microsoft Office Project Vulnerability
2009-12-09 00:00:00
Microsoft Project memory corruption
2009-12-09 00:00:00
seebug
seebug
Microsoft Project无效资源内存分配远程代码执行漏洞(MS09-074)
2009-12-12 00:00:00
prion
prion
Input validation
2009-12-09 18:30:00
cve
cve
CVE-2009-0102
2009-12-09 18:30:00
Related for SMB_NT_MS09-074.NASL