Lucene search
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SMB_NT_MS11-057.NASLHistoryAug 09, 2011 - 12:00 a.m.
MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)
2011-08-0900:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
29
The remote host is missing Internet Explorer (IE) Security Update 2559049.
The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55787);
script_version("1.21");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id(
"CVE-2011-1257",
"CVE-2011-1347",
"CVE-2011-1960",
"CVE-2011-1961",
"CVE-2011-1962",
"CVE-2011-1963",
"CVE-2011-1964",
"CVE-2011-2382",
"CVE-2011-2383"
);
script_bugtraq_id(
46821,
47989,
48994,
49023,
49027,
49032,
49037,
49039
);
script_xref(name:"MSFT", value:"MS11-057");
script_xref(name:"MSKB", value:"2559049");
script_name(english:"MS11-057: Critical Cumulative Security Update for Internet Explorer (2559049)");
script_summary(english:"Checks version of Mshtml.dll");
script_set_attribute(
attribute:"synopsis",
value:
"Arbitrary code can be executed on the remote host through a web
browser."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is missing Internet Explorer (IE) Security Update
2559049.
The installed version of IE is affected by several vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host."
);
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-247/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-248/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-249/");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-057");
script_set_attribute(
attribute:"solution",
value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
and 2008 R2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/23");
script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS11-057';
kb = '2559049';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 7 and Windows Server 2008 R2
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.20534", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", file:"Mshtml.dll", version:"9.0.8112.16434", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.21776", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.17655", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21013", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.16853", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Vista / Windows 2008
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"9.0.8112.20534", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"9.0.8112.16434", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.23216", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", file:"Mshtml.dll", version:"8.0.6001.19120", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22683", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18494", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003 / XP 64-bit
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23216", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19120", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21305", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17102", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4882", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows XP x86
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23216", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19120", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21305", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17102", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6129", min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2383
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-057
www.zerodayinitiative.com/advisories/ZDI-11-247/
www.zerodayinitiative.com/advisories/ZDI-11-248/
www.zerodayinitiative.com/advisories/ZDI-11-249/
Related
securityvulns
securityvulns
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
2011-08-11 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2559049)
2011-08-11 00:00:00
Microsoft Internet Explorer Cookie Hijacking Vulnerability
2011-06-13 00:00:00
mskb
mskb
MS11-057: Cumulative Security Update for Internet Explorer: August 9, 2011
2020-05-21 04:45:55
seebug
seebug
Microsoft Internet Explorer跨域本地Cookie文件访问安全绕过漏洞
2011-08-10 00:00:00
Microsoft Internet Explorer窗口打开竞争条件远程代码执行漏洞
2011-08-10 00:00:00
Microsoft Internet Explorer 保护模式绕过漏洞(Pwn2Own)
2011-08-10 00:00:00
prion
prion
Cross site scripting
2011-06-03 17:55:00
Design/Logic Flaw
2011-03-10 20:55:00
Race condition
2011-08-10 21:55:00
cve
cve
zdi
zdi
checkpoint_advisories
checkpoint_advisories
saint
saint
Internet Explorer Telnet URI Insecure Loading
2011-08-16 00:00:00
Internet Explorer Telnet URI Insecure Loading
2011-08-16 00:00:00
Internet Explorer Telnet URI Insecure Loading
2011-08-16 00:00:00
jvn
jvn
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31
Related for SMB_NT_MS11-057.NASL