Lucene search
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SMB_NT_MS11-050.NASLHistoryJun 15, 2011 - 12:00 a.m.
MS11-050: Cumulative Security Update for Internet Explorer (2530548)
2011-06-1500:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
31
The remote host is missing Internet Explorer (IE) Security Update 2497640.
The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55130);
script_version("1.27");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id(
"CVE-2011-1246",
"CVE-2011-1250",
"CVE-2011-1251",
"CVE-2011-1252",
"CVE-2011-1254",
"CVE-2011-1255",
"CVE-2011-1256",
"CVE-2011-1258",
"CVE-2011-1260",
"CVE-2011-1261",
"CVE-2011-1262"
);
script_bugtraq_id(
48199,
48200,
48201,
48202,
48203,
48204,
48206,
48207,
48208,
48210,
48211
);
script_xref(name:"EDB-ID", value:"17409");
script_xref(name:"MSFT", value:"MS11-050");
script_xref(name:"MSKB", value:"2530548");
script_name(english:"MS11-050: Cumulative Security Update for Internet Explorer (2530548)");
script_summary(english:"Checks version of Mshtml.dll");
script_set_attribute(
attribute:"synopsis",
value:
"Arbitrary code can be executed on the remote host through a web
browser."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is missing Internet Explorer (IE) Security Update
2497640.
The installed version of IE is affected by several vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host."
);
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-193/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-194/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-194/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-196/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-198/");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-050");
script_set_attribute(
attribute:"solution",
value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
and 2008 R2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'MS11-050 IE mshtml!CObjectElement Use After Free');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/14");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS11-050';
kb = '2530548';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'1,2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 7 and Windows Server 2008 R2
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.20530", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.16430", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.21735", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.17622", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.20975", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.16821", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Vista / Windows 2008
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"9.0.8112.20530", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"9.0.8112.16430", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.23181", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.19088", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22629", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18457", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.22905", min_version:"7.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.18639", min_version:"7.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003 / XP 64-bit
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23181", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19088", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21300", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17098", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4857", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows XP x86
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23181", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19088", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21300", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17098", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6104", min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1250
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1256
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1260
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1262
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-050
www.zerodayinitiative.com/advisories/ZDI-11-193/
www.zerodayinitiative.com/advisories/ZDI-11-194/
www.zerodayinitiative.com/advisories/ZDI-11-196/
www.zerodayinitiative.com/advisories/ZDI-11-198/
Related
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2530548)
2011-06-15 00:00:00
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
mskb
mskb
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2011-07-22 00:00:00
prion
prion
Memory corruption
2011-06-16 20:55:00
Information disclosure
2011-06-16 20:55:00
Memory corruption
2011-06-16 20:55:00
zdi
zdi
cve
cve
saint
saint
seebug
seebug
Microsoft Internet Explorer link属性未初始化内存远程代码执行漏洞
2011-06-16 00:00:00
Microsoft Internet Explorer拖放信息泄露漏洞
2011-06-16 00:00:00
Microsoft Internet Explorer 8 DOM处理未初始化内存远程代码执行漏洞
2011-06-16 00:00:00
checkpoint_advisories
checkpoint_advisories
packetstorm
packetstorm
MS11-050 IE mshtml!CObjectElement Use After Free
2011-06-17 00:00:00
Microsoft Internet Explorer toStaticHTML Information Disclosure
2011-07-21 00:00:00
threatpost
threatpost
M86 Researchers Discover Short-Lived IE 0-Day
2011-06-27 18:27:21
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31
Researcher Finds Technique to Bypass Microsoft's EMET Protections
2012-08-09 14:28:45
nessus
nessus
Related for SMB_NT_MS11-050.NASL