Source: nessus, plugin file SMB_NT_MS12-078.NASL
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Dec 11, 2012 - 12:00 a.m.

MS12-078: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)

2012-12-11 00:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.912 High

EPSS

Percentile

98.9%

The remote Windows host is affected by the following remote code execution vulnerabilities:

  • An OpenType Font parsing vulnerability exists due to the way OpenType font files are handled. (CVE-2012-2556)

  • A TrueType Font parsing vulnerability exists due to the way TrueType font files are handled. (CVE-2012-4786)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata. This branch only registers identifiers, references, risk
# attributes and prerequisites, then exits at the bottom; none of the
# file-version checks below run from here.
if (description)
{
  script_id(63225);
  script_version("1.14");
  script_cvs_date("Date: 2019/12/04");

  # Vulnerability and advisory references: two CVEs, two Bugtraq IDs, the
  # Microsoft bulletin, and the two KB updates that the check logic tests for.
  script_cve_id("CVE-2012-2556", "CVE-2012-4786");
  script_bugtraq_id(56841, 56842);
  script_xref(name:"MSFT", value:"MS12-078");
  script_xref(name:"MSKB", value:"2753842");
  script_xref(name:"MSKB", value:"2779030");

  script_name(english:"MS12-078: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)");
  script_summary(english:"Checks version of win32k.sys and atmfd.dll");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by remote code execution
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by the following remote code
execution vulnerabilities :

  - An OpenType Font parsing vulnerability exists due to
    the way OpenType font files are handled. (CVE-2012-2556)

  - A TrueType Font parsing vulnerability exists due to
    the way TrueType font files are handled.(CVE-2012-4786)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-078");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2, 8, and 2012.");
  # CVSS v2 base vector is the maximum (network vector, low complexity, no
  # authentication, complete C/I/A impact); the score is sourced from
  # CVE-2012-4786. The temporal vector records high exploitability (E:H),
  # an official fix (RL:OF) and a confirmed report (RC:C).
  # Triage note: the network attack vector describes the vulnerability, not
  # how this plugin detects it - detection is a local file-version check
  # (see "plugin_type" below).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4786");

  # Exploitation status flags. All are set, so a finding from this plugin
  # is a candidate for prioritised patching.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  # Disclosure, patch and plugin release all share the same date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/11");

  # "local": the result comes from data read off the host (file versions or
  # patch-management data), so without working credentials or share access
  # the plugin cannot report a finding.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  # Information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the hotfix-enumeration and bulletin-check plugins must
  # have run, the "checks possible" KB key must be set, and either an SMB
  # port (139/445) or patch-management data must be available.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  # Metadata registration ends here.
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Preconditions for the check. Each get_kb_item_or_exit() call stops the
# plugin when the named knowledge-base item is missing.
get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS12-078';

# The two KB updates of this bulletin: 2753842 (Atmfd.dll) and
# 2779030 (Win32k.sys), matching the per-file checks further down.
kbs = make_list("2753842", "2779030");
# When patch-management data is available, hand the bulletin and KB list to
# hotfix_check_3rd_party().
# NOTE(review): presumably that helper reports from the patch-management
# source and does not return, so the SMB file checks below would be skipped -
# confirm against smb_hotfixes.inc.
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Only these OS / service-pack levels are examined: XP SP3, 2003 SP2,
# Vista SP2, Windows 7 SP0-SP1 and Windows 8 SP0. Any other host is audited
# out here with AUDIT_OS_SP_NOT_VULN and none of its files are inspected, so
# that audit result is not evidence that the host carries the fixed binaries.
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Resolve the Windows system root; fail with exit code 1 if it is unknown.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# Map the system root to its share and require that the share is accessible.
# If it is not, the plugin audits out with AUDIT_SHARE_FAIL and the host stays
# unassessed rather than being reported as patched.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Counts how many of the two file checks (Win32k.sys, Atmfd.dll) flagged the
# host; any non-zero value leads to a finding.
vuln = 0;

# Kernel Drivers
# Compare Win32k.sys under \system32 against the version given for each
# supported OS / service pack; findings are attributed to KB 2779030.
# Where two calls exist for the same OS and SP, each pairs a "version" with
# its own "min_version" - presumably one per Windows servicing branch
# (GDR vs. LDR/QFE); confirm against hotfix_is_vulnerable() in the hotfix
# include files.
# The calls are chained with ||, so evaluation stops at the first match.
kb = "2779030";
if (
  # Windows 8 / 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Win32k.sys", version:"6.2.9200.16453", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Win32k.sys", version:"6.2.9200.20557", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.17174", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.21379", min_version:"6.1.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.18009", min_version:"6.1.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.22171", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows Vista / 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.18733", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.22977", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit (single check, no min_version)
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Win32k.sys", version:"5.2.3790.5094", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP 32-bit (single check, no min_version)
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Win32k.sys", version:"5.1.2600.6322", dir:"\system32", bulletin:bulletin, kb:kb)
) vuln++;

# OpenType Compact Font Format
# Compare Atmfd.dll under \system32 against the version given for each OS;
# findings are attributed to KB 2753842. This check runs whether or not the
# Win32k.sys check above matched.
# The Windows 8 / 2012 and Windows 7 / 2008 R2 entries pass no "sp" argument,
# unlike the older OS entries.
kb = "2753842";
if (
  # Windows 8 / 2012
  hotfix_is_vulnerable(os:"6.2", file:"Atmfd.dll", version:"5.1.2.236", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # Windows 7 / 2008 R2
  hotfix_is_vulnerable(os:"6.1", file:"Atmfd.dll", version:"5.1.2.237", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows Vista / 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Atmfd.dll", version:"5.1.2.235", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Atmfd.dll", version:"5.2.2.235", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP 32-bit
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Atmfd.dll", version:"5.1.2.235", dir:"\system32", bulletin:bulletin, kb:kb)
) vuln++;

# Report the result. hotfix_check_fversion_end() is called on both paths
# before the plugin terminates.
# NOTE(review): presumably it releases the file-check session - confirm in
# smb_hotfixes_fcheck.inc.
if (vuln)
{
  # Record the missing bulletin in the knowledge base under
  # "SMB/Missing/MS12-078", then raise the finding.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  # Neither file check matched: audit the host as not affected.
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
Vendor | Product | Version | CPE
microsoft | windows | | cpe:/o:microsoft:windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.912 High

EPSS

Percentile

98.9%