Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS10-103.NASL
HistoryDec 15, 2010 - 12:00 a.m.

MS10-103: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)

2010-12-1500:00:00
This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

The Publisher component of Microsoft Office installed on the remote host has multiple memory corruption vulnerabilities.

A remote attacker could exploit these by tricking a user into opening a specially crafted Publisher file, resulting in remote code execution.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(51175);
  script_version("1.25");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id(
    "CVE-2010-2569",
    "CVE-2010-2570",
    "CVE-2010-2571",
    "CVE-2010-3954",
    "CVE-2010-3955"
  );
  script_bugtraq_id(
    45277,
    45279,
    45280,
    45281,
    45282
  );
  script_xref(name:"IAVA", value:"2010-A-0171-S");
  script_xref(name:"MSFT", value:"MS10-103");
  script_xref(name:"MSKB", value:"2284692");
  script_xref(name:"MSKB", value:"2284695");
  script_xref(name:"MSKB", value:"2284697");
  script_xref(name:"MSKB", value:"2409055");

  script_name(english:"MS10-103: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)");
  script_summary(english:"Checks the version of publisher");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The version of Microsoft Office installed on the remote host has
multiple memory corruption vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The Publisher component of Microsoft Office installed on the remote
host has multiple memory corruption vulnerabilities.

A remote attacker could exploit these by tricking a user into opening
a specially crafted Publisher file, resulting in remote code
execution."
  );
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-103
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?21958e1a");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for Microsoft Office XP, 2003,
2007, and 2010."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:publisher");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nt_ms02-031.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS10-103';
kbs = make_list("2284692", "2284695", "2284697", "2409055");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

installs = get_kb_list_or_exit("SMB/Office/Publisher/*/ProductPath");
foreach install (keys(installs))
{
  version = install - 'SMB/Office/Publisher/' - '/ProductPath';
  path = installs[install];

  v = split(version, sep:'.', keep:FALSE);
  for (i = 0; i < max_index(v); i++)
    v[i] = int(v[i]);


  kb = "";
  info = NULL;
  # Office XP SP3
  if (v[0] == 10 && v[1] == 0 && v[2] < 6867)
  {
    info = '\n  Product           : Publisher 2002'+
           '\n  File              : '+path+
           '\n  Installed version : '+version+
           '\n  Fixed version     : 10.0.6867.0\n';
    kb = "2284692";
  }
  # Office 2003 SP3
  else if (v[0] == 11 && v[1] == 0 && v[2] < 8329)
  {
    info = '\n  Product           : Publisher 2003'+
           '\n  File              : '+path+
           '\n  Installed version : '+version+
           '\n  Fixed version     : 11.0.8329.0\n';
    kb = "2284695";
  }
  # Office 2007 SP1/SP2
  else if (v[0] == 12 && v[1] == 0 && (v[2] < 6546 || (v[2] == 6546 && v[3] < 5000)))
  {
    info = '\n  Product           : Publisher 2007'+
           '\n  File              : '+path+
           '\n  Installed version : '+version+
           '\n  Fixed version     : 12.0.6546.5000\n';
    kb = "2284697";
  }
  # Office 2010
  else if (v[0] == 14 && v[1] == 0 && (v[2] < 5126 || (v[2] == 5126 && v[3] < 5000)))
  {
    info = '\n  Product           : Publisher 2010'+
           '\n  File              : '+path+
           '\n  Installed version : '+version+
           '\n  Fixed version     : 14.0.5126.5000\n';
    kb = "2409055";
  }
  if (info)
  {
    vuln++;
    hotfix_add_report(info, bulletin:bulletin, kb:kb);
  }
}

if (vuln)
{
  set_kb_item(name:'SMB/Missing/MS10-103', value:TRUE);
  hotfix_security_hole();
  exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
microsoftofficecpe:/a:microsoft:office
microsoftpublishercpe:/a:microsoft:publisher

Related

openvas 2
mskb 1
securityvulns 5
checkpoint_advisories 5
prion 5
cve 5
symantec 1
openvas
openvas
Microsoft Publisher Remote Code Execution Vulnerability (2292970)
2010-12-15 00:00:00
Microsoft Publisher Remote Code Execution Vulnerability (2292970)
2010-12-15 00:00:00
mskb
mskb
MS10-103: Vulnerabilities in Microsoft Publisher could allow remote code execution
2014-06-21 14:22:32
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2010-12-28 00:00:00
VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability &#40;VUPEN-SR-2010-200&#41;
2010-12-16 00:00:00
VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability &#40;VUPEN-SR-2010-041&#41;
2010-12-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Publisher pubconv.dll Size Value Heap Corruption (MS10-103) - Ver2 (CVE-2010-2569)
2014-04-16 00:00:00
Microsoft Office Publisher pubconv.dll Size Value Heap Corruption (MS10-103; CVE-2010-2569)
2010-12-14 00:00:00
Microsoft Office Publisher pubconv.dll Heap Overrun (MS10-103; CVE-2010-2570)
2010-12-14 00:00:00
prion
prion
Design/Logic Flaw
2010-12-16 19:33:00
Heap overflow
2010-12-16 19:33:00
Memory corruption
2010-12-16 19:33:00
cve
cve
CVE-2010-2569
2010-12-16 19:33:00
CVE-2010-2570
2010-12-16 19:33:00
CVE-2010-3954
2010-12-16 19:33:00
symantec
symantec
Microsoft Publisher (CVE-2010-3954) Memory Corruption Remote Code Execution Vulnerability
2010-12-14 00:00:00
JSON
Related for SMB_NT_MS10-103.NASL
openvas2mskb1securityvulns5checkpoint_advisories5prion5cve5symantec1