Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.SMB_NT_MS10-090.NASL
HistoryDec 15, 2010 - 12:00 a.m.

MS10-090: Cumulative Security Update for Internet Explorer (2416400)

2010-12-1500:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
16
JSON

The remote host is missing Internet Explorer (IE) Security Update 2416400.

The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(51162);
  script_version("1.29");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  script_cve_id(
    "CVE-2010-3340",
    "CVE-2010-3342",
    "CVE-2010-3343",
    "CVE-2010-3345",
    "CVE-2010-3346",
    "CVE-2010-3348",
    "CVE-2010-3962"
  );
  script_bugtraq_id(
    44536,
    45255,
    45256,
    45259,
    45260,
    45261,
    45263
  );
  script_xref(name:"CERT", value:"899748");
  script_xref(name:"EDB-ID", value:"15421");
  script_xref(name:"EDB-ID", value:"15418");
  script_xref(name:"MSFT", value:"MS10-090");
  script_xref(name:"MSKB", value:"2416400");

  script_name(english:"MS10-090: Cumulative Security Update for Internet Explorer (2416400)");
  script_summary(english:"Checks version of Mshtml.dll");

  script_set_attribute(
    attribute:"synopsis",
    value:
"Arbitrary code can be executed on the remote host through a web
browser."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is missing Internet Explorer (IE) Security Update
2416400.

The remote version of IE is affected by several vulnerabilities that
may allow an attacker to execute arbitrary code on the remote host."
  );
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-090");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
and 2008 R2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-13-157");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS10-090';
kbs = make_list("2416400");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'1,2', win7:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

kb = "2416400";
if (
  # Windows 7 and Windows Server 2008 R2
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"8.0.7600.20831", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"8.0.7600.16700", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / Windows 2008
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0",       file:"Mshtml.dll", version:"8.0.6001.23091", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0",       file:"Mshtml.dll", version:"8.0.6001.18999", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22511", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18332", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.22784", min_version:"7.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.18542", min_version:"7.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.18999", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17093", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4795",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.18999", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17093", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6049",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
  )
{
  set_kb_item(name:"SMB/Missing/MS10-090", value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 5
openvas 2
mskb 1
prion 7
cve 7
checkpoint_advisories 8
zdi 2
saint 8
symantec 5
jvn 4
packetstorm 3
seebug 1
canvas 1
exploitpack 1
cert 1
thn 1
exploitdb 1
threatpost 2
securityvulns
securityvulns
Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer &#40;2416400&#41;
2010-12-15 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2010-12-16 00:00:00
VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability &#40;VUPEN-SR-2010-199&#41;
2010-12-16 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2416400)
2010-12-15 00:00:00
mskb
mskb
MS10-090: Cumulative security update for Internet Explorer
2014-06-21 14:33:28
prion
prion
Information disclosure
2010-12-16 19:33:00
Information disclosure
2010-12-16 19:33:00
Memory corruption
2010-12-16 19:33:00
cve
cve
CVE-2010-3342
2010-12-16 19:33:00
CVE-2010-3348
2010-12-16 19:33:00
CVE-2010-3345
2010-12-16 19:33:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer HTML Time Element Memory Corruption (MS10-090; CVE-2010-3346)
2010-12-14 00:00:00
Internet Explorer 8 HTML Element Memory Corruption (MS10-090; CVE-2010-3345)
2010-12-14 00:00:00
Internet Explorer 6 HTML Object Memory Corruption (MS10-090; CVE-2010-3343)
2010-12-14 00:00:00
zdi
zdi
Microsoft Internet Explorer Recursive Select Element Remote Code Execution Vulnerability
2010-12-14 00:00:00
Microsoft Internet Explorer HTML+Time Element outerText Remote Code Execution Vulnerability
2010-12-14 00:00:00
saint
saint
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
Internet Explorer HTML+TIME element OuterText memory corruption
2010-12-16 00:00:00
symantec
symantec
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
2010-12-14 00:00:00
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
2010-12-14 00:00:00
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
2010-12-14 00:00:00
jvn
jvn
JVN#21120853: Internet Explorer vulnerable to cross-site scripting
2010-12-15 00:00:00
JVN#30273074: Internet Explorer vulnerable to cross-site scripting
2010-12-15 00:00:00
JVN#62275332: Internet Explorer vulnerable to cross-site scripting
2010-12-15 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer 6 / 7 / 8 Memory Corruption
2010-11-05 00:00:00
Internet Explorer CSS SetUserClip Memory Corruption
2010-12-14 00:00:00
Internet Explorer CSS Tags Memory Corruption
2010-11-05 00:00:00
seebug
seebug
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
2010-11-05 00:00:00
canvas
canvas
Immunity Canvas: IE_SETUSERCLIP
2010-11-05 17:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 678 - Memory Corruption
2010-11-04 00:00:00
cert
cert
Microsoft Internet Explorer invalid flag reference vulnerability
2010-11-03 00:00:00
thn
thn
Top 5 most serious internet security holes !
2010-12-23 23:51:00
exploitdb
exploitdb
Microsoft Internet Explorer 6/7/8 - Memory Corruption
2010-11-04 00:00:00
threatpost
threatpost
New Remotely Exploitable Bug Found in Internet Explorer
2010-12-10 14:22:34
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31
JSON
Related for SMB_NT_MS10-090.NASL
securityvulns5openvas2mskb1prion7cve7checkpoint_advisories8zdi2saint8symantec5jvn4packetstorm3seebug1canvas1exploitpack1cert1thn1exploitdb1threatpost2