Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.SMB_NT_MS12-037.NASL
HistoryJun 13, 2012 - 12:00 a.m.

MS12-037: Cumulative Security Update for Internet Explorer (2699988)

2012-06-1300:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
64
JSON

The remote host is missing Internet Explorer (IE) Security Update 2699988.

The installed version of IE is affected by several vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59455);
  script_version("1.31");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id(
    "CVE-2012-1523",
    "CVE-2012-1858",
    "CVE-2012-1872",
    "CVE-2012-1873",
    "CVE-2012-1874",
    "CVE-2012-1875",
    "CVE-2012-1876",
    "CVE-2012-1877",
    "CVE-2012-1878",
    "CVE-2012-1879",
    "CVE-2012-1880",
    "CVE-2012-1881",
    "CVE-2012-1882"
  );
  script_bugtraq_id(
    53841,
    53842,
    53843,
    53844,
    53845,
    53847,
    53848,
    53866,
    53867,
    53868,
    53869,
    53870,
    53871
  );
  script_xref(name:"EDB-ID", value:"19777");
  script_xref(name:"EDB-ID", value:"20174");
  script_xref(name:"EDB-ID", value:"24017");
  script_xref(name:"EDB-ID", value:"33944");
  script_xref(name:"EDB-ID", value:"35815");
  script_xref(name:"MSFT", value:"MS12-037");
  script_xref(name:"MSKB", value:"2699988");

  script_name(english:"MS12-037: Cumulative Security Update for Internet Explorer (2699988)");
  script_summary(english:"Checks version of Mshtml.dll");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2699988.

The installed version of IE is affected by several vulnerabilities
that could allow an attacker to execute arbitrary code on the remote
host.");
  # http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7d49512");
  # http://www.vupen.com/blog/20120710.Advanced_Exploitation_of_Internet_Explorer_HeapOv_CVE-2012-1876.php
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18c6adba");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-093/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-190/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-192/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-193/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-194/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523185/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523186/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523196/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-037");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
and 2008 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS12-037';
kb = '2699988';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 7 / 2008 R2
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20551", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16446", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.21976", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.17824", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21198", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.17006", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20551", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16446", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23359", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19272", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22838", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18616", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23345", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19258", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21312", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17110", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4986",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23345", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19258", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21312", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17110", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6212",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftiecpe:/a:microsoft:ie
microsoftwindowscpe:/o:microsoft:windows

References

Related

securityvulns 8
openvas 5
mskb 2
checkpoint_advisories 14
cve 14
symantec 12
seebug 14
prion 13
zdi 6
packetstorm 6
threatpost 7
metasploit 1
saint 8
attackerkb 1
thn 4
exploitpack 5
canvas 1
zdt 2
exploitdb 7
nessus 2
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2012-06-25 00:00:00
VUPEN Security Research - Microsoft Internet Explorer &quot;GetAtomTable&quot; Remote Use-after-free &#40;MS12-037 / CVE-2012-1875&#41;
2012-06-25 00:00:00
[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability
2012-06-17 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
2012-06-13 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2699988)
2012-06-13 00:00:00
Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
2012-06-13 00:00:00
mskb
mskb
MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012
2012-06-12 00:00:00
MS12-050: Vulnerabilities in SharePoint could allow elevation of privilege: July 10, 2012
2012-07-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer insertRow Remote Code Execution (MS12-037; CVE-2012-1880)
2012-06-12 00:00:00
Internet Explorer OnBeforeDeactivate Event Remote Code Execution (MS12-037; CVE-2012-1878)
2012-06-12 00:00:00
Internet Explorer Title Element Change Remote Code Execution (MS12-037; CVE-2012-1877)
2012-06-12 00:00:00
cve
cve
CVE-2012-1877
2012-06-12 22:55:00
CVE-2012-1880
2012-06-12 22:55:00
CVE-2012-1875
2012-06-12 22:55:00
symantec
symantec
Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability
2012-06-12 00:00:00
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
2012-06-12 00:00:00
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
2012-06-12 00:00:00
seebug
seebug
Microsoft IE insertRow远程代码执行漏洞 (MS12-037)
2012-06-13 00:00:00
Microsoft IE OnBeforeDeactivate事件远程代码执行漏洞 (MS12-037)
2012-06-13 00:00:00
Microsoft IE OnRowsInserted远程代码执行漏洞 (MS12-037)
2012-06-13 00:00:00
prion
prion
Remote code execution
2012-06-12 22:55:00
Information disclosure
2012-06-12 22:55:00
Remote code execution
2012-06-12 22:55:00
zdi
zdi
Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
2012-12-21 00:00:00
Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability
2012-12-21 00:00:00
Microsoft Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability
2012-12-21 00:00:00
packetstorm
packetstorm
MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
2012-06-14 00:00:00
Internet Explorer 8 Bypass
2014-07-01 00:00:00
Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
2012-08-01 00:00:00
threatpost
threatpost
What Have We Learned: Flame Malware
2012-06-15 19:46:56
New Fake Android Security App is Zeus Malware
2012-06-18 15:28:08
Exploit Code Surfaces for CVE-2012-1875 Internet Explorer Bug
2012-06-18 13:43:09
metasploit
metasploit
MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
2012-06-13 16:33:26
saint
saint
Internet Explorer Same ID Property vulnerability
2012-06-22 00:00:00
Internet Explorer Same ID Property vulnerability
2012-06-22 00:00:00
Internet Explorer Same ID Property vulnerability
2012-06-22 00:00:00
attackerkb
attackerkb
MS12-037 Microsoft Internet Explorer Same ID Property Deleted Object Handling Memory Corruption
2012-06-12 00:00:00
thn
thn
Hackers Exploit Unpatched Windows XML vulnerability
2012-06-22 21:14:00
Latest Internet Explorer zero-day linked to Elderwood Project
2013-01-06 15:49:00
Latest Internet Explorer zero-day linked to Elderwood Project
2013-01-06 04:49:00
exploitpack
exploitpack
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)
2014-07-01 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
2014-11-17 00:00:00
Microsoft Internet Explorer 9 SharePoint Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037MS12-039MS12-050)
2012-07-12 00:00:00
canvas
canvas
Immunity Canvas: MS12_037
2012-06-12 22:55:00
zdt
zdt
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass
2014-07-01 00:00:00
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)
2014-11-18 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - Same ID Property Deleted Object Handling Memory Corruption (MS12-037) (Metasploit)
2012-06-14 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)
2013-01-10 00:00:00
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
2014-11-17 00:00:00
nessus
nessus
MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
2012-06-13 00:00:00
MS12-050: Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
2012-07-11 00:00:00
JSON
Related for SMB_NT_MS12-037.NASL
securityvulns8openvas5mskb2checkpoint_advisories14cve14symantec12seebug14prion13zdi6packetstorm6threatpost7metasploit1saint8attackerkb1thn4exploitpack5canvas1zdt2exploitdb7nessus2