Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.SMB_NT_MS12-059.NASL
HistoryAug 15, 2012 - 12:00 a.m.

MS12-059: Buffer Overflow in Microsoft Visio and Visio Viewer Could Allow Remote Code Execution (2733918)

2012-08-1500:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
12

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.947 High

EPSS

Percentile

99.3%

JSON

The remote host contains a version of Microsoft Visio or Visio Viewer that is affected by a buffer overflow vulnerability.

A memory handling error exists when parsing specially crafted DFX files.
A remote attacker could exploit these issues by tricking a user into opening a specially crafted Microsoft Visio file, resulting in arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61534);
  script_version("1.21");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2012-1888");
  script_bugtraq_id(54934);
  script_xref(name:"MSFT", value:"MS12-059");
  script_xref(name:"MSKB", value:"2597171");
  script_xref(name:"MSKB", value:"2598287");
  script_xref(name:"MSKB", value:"2687508");

  script_name(english:"MS12-059: Buffer Overflow in Microsoft Visio and Visio Viewer Could Allow Remote Code Execution (2733918)");
  script_summary(english:"Checks version of Visio.exe");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote Windows host through Visio
or Visio Viewer.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Visio or Visio Viewer
that is affected by a buffer overflow vulnerability.

A memory handling error exists when parsing specially crafted DFX files.
A remote attacker could exploit these issues by tricking a user into
opening a specially crafted Microsoft Visio file, resulting in arbitrary
code execution.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-143/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/523938/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-059");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Visio 2010 and Visio Viewer
2010.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visio");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visio_viewer");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS12-059';
kbs = make_list("2597171", "2598287", "2687508");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");

vuln = FALSE;

# Visio 2010
installs = get_kb_item("SMB/Office/Visio/*/VisioPath");
if (!isnull(installs))
{
  foreach install (keys(installs))
  {
    version = install - 'SMB/Office/Visio/' - '/VisioPath';
    if ("14.0" >< version)
    {
      path = installs[install];
      share = hotfix_path2share(path:path);

      if (is_accessible_share(share:share))
      {
        # Note KB2597171 is replaced by KB2687508 (11 DEC 2012)
        if (hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"14.0.6122.5000", min_version:"14.0.6000.0", bulletin:bulletin, kb:"2687508"))
          vuln = TRUE;
      }
    }
  }
}

# Visio Viewer 2010
# Determine the install path for Visio Viewer 2010.
visio_viewer_path = NULL;

# Connect to remote registry.
registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
visio_viewer_path = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\Office\14.0\Common\InstallRoot\Path");
RegCloseKey(handle:hklm);
close_registry(close:FALSE);

# Visio Viewer 2010.
if (visio_viewer_path)
{
  share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:visio_viewer_path);
  if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

  if (hotfix_is_vulnerable(path:visio_viewer_path, file:"Vviewer.dll", version:"14.0.6119.5000", min_version:"14.0.6000.0", bulletin:bulletin, kb:"2598287"))
    vuln = TRUE;
}

if (vuln)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftvisiocpe:/a:microsoft:visio
microsoftvisio_viewercpe:/a:microsoft:visio_viewer

Related

openvas 2
mskb 1
prion 1
symantec 1
checkpoint_advisories 2
cvelist 1
securityvulns 2
nvd 1
cve 1
zdi 1
openvas
openvas
Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
2012-08-15 00:00:00
Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
2012-08-15 00:00:00
mskb
mskb
MS12-059: Vulnerability in Microsoft Visio could allow remote code execution: August 14, 2012
2012-08-14 00:00:00
prion
prion
Design/Logic Flaw
2012-08-15 01:55:00
symantec
symantec
Microsoft Visio Viewer VSD File Format CVE-2012-1888 Remote Code Execution Vulnerability
2012-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Visio DXF File Parsing Code Execution (MS12-059; CVE-2012-1888)
2012-08-14 00:00:00
Microsoft Visio DXF File Parsing Code Execution - Ver2 (CVE-2012-1888)
2014-04-16 00:00:00
cvelist
cvelist
CVE-2012-1888
2012-08-15 01:00:00
securityvulns
securityvulns
Microsoft Visio buffer overflow
2012-08-20 00:00:00
ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability
2012-08-20 00:00:00
nvd
nvd
CVE-2012-1888
2012-08-15 01:55:01
cve
cve
CVE-2012-1888
2012-08-15 01:55:01
zdi
zdi
Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability
2012-08-17 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.947 High

EPSS

Percentile

99.3%

JSON
Related for SMB_NT_MS12-059.NASL
openvas2mskb1prion1symantec1checkpoint_advisories2cvelist1securityvulns2nvd1cve1zdi1