Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.SMB_NT_MS13-002.NASL
HistoryJan 09, 2013 - 12:00 a.m.

MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

2013-01-0900:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
606

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%

JSON

The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63420);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2013-0006", "CVE-2013-0007");
  script_bugtraq_id(57116, 57122);
  script_xref(name:"MSFT", value:"MS13-002");
  script_xref(name:"MSKB", value:"2687497");
  script_xref(name:"MSKB", value:"2687499");
  script_xref(name:"MSKB", value:"2757638");
  script_xref(name:"MSKB", value:"2758694");
  script_xref(name:"MSKB", value:"2758696");
  script_xref(name:"MSKB", value:"2760574");
  script_xref(name:"IAVA", value:"2013-A-0004");

  script_name(english:"MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)");
  script_summary(english:"Checks the versions of Msxml3.dll, Msxml4.dll, and Msxml6.dll");
  script_set_attribute(
    attribute:"synopsis",
    value:
"Arbitrary code can be executed on the remote host through Microsoft XML
Core Services."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Microsoft XML Core Services installed on the remote
Windows host is affected by multiple code execution vulnerabilities when
visiting a specially crafted web page using Internet Explorer."
  );
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-002");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office
Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint
Server 2007 and Groove Server 2007."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:xml_core_services");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:expression_web");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:groove_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_viewer");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS13-002';
kbs = make_list(
  "2687497",
  "2687499",
  "2757638",
  "2758694",
  "2758696",
  "2760574"
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (!is_accessible_share())  audit(AUDIT_SHARE_FAIL, 'is_accessible_share');

vuln = 0;

arch = get_kb_item_or_exit("SMB/ARCH");
if (arch == "x86")
  commonfiles = hotfix_get_commonfilesdir();
else commonfiles = hotfix_get_commonfilesdirx86();
if (commonfiles)
  msxml5_dir = commonfiles + '\\Microsoft Shared\\Office11';

# XML Core Services 5 (this could be one of three KBs - KB2760574, KB2687497, KB2687499)
if (msxml5_dir)
  vuln += hotfix_is_vulnerable(path:msxml5_dir, file:"Msxml5.dll", version:"5.20.1099.0", min_version:"5.0.0.0", bulletin:bulletin);

# If a vulnerable version of XML Core Services 5 was detected, we should report on that
# regardless of the OS version.
if ((hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0))
{
  if (!vuln) audit(AUDIT_OS_SP_NOT_VULN);
}
else
{
  productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
  # Windows 8 / Server 2012
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447",                                  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000",  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",            dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000",     dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000",     dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447",                                  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000",  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2",             sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",            dir:"\System32", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.2",             sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000",     dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.2",             sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000",     dir:"\System32", bulletin:bulletin, kb:"2757638");

  # Windows 7 / Server 2008 R2
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157",                                  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000",  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000",  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000",  dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64",       file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",            dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.17157",                                   dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.21360",  min_version:"6.30.7600.21000",   dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.17988",  min_version:"6.30.7601.17000",   dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.22149",  min_version:"6.30.7601.22000",   dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157",                                  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000",  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000",  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000",  dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1",                   file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",            dir:"\System32", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.1",             sp:0, file:"Msxml6.dll", version:"6.30.7600.17157",                                   dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1",             sp:0, file:"Msxml6.dll", version:"6.30.7600.21360",  min_version:"6.30.7600.21000",   dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1",             sp:1, file:"Msxml6.dll", version:"6.30.7601.17988",  min_version:"6.30.7601.17000",   dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.1",             sp:1, file:"Msxml6.dll", version:"6.30.7601.22149",  min_version:"6.30.7601.22000",   dir:"\System32", bulletin:bulletin, kb:"2757638");

  # Vista / Windows Server 2008
  vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64",  sp:2, file:"Msxml3.dll", version:"8.100.5006.0",                               dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64",  sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64",  sp:2, file:"Msxml6.dll", version:"6.20.5006.0",                                dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64",  sp:2, file:"Msxml3.dll", version:"8.100.5006.0",                               dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"6.0",              sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\System32", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"6.0",              sp:2, file:"Msxml6.dll", version:"6.20.5006.0",                                dir:"\System32", bulletin:bulletin, kb:"2757638");

  # Windows 2003 and XP x64
  vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0",                               dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml6.dll", version:"6.20.2016.0",                                dir:"\SysWOW64", bulletin:bulletin, kb:"2758696");
  vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0",                               dir:"\System32", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"5.2",             sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\System32", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"5.2",             sp:2, file:"Msxml6.dll", version:"6.20.2016.0",                                dir:"\System32", bulletin:bulletin, kb:"2758696");

  # Windows XP
  vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml6.dll", version:"6.20.2502.0",                                dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
  vuln += hotfix_is_vulnerable(os:"5.1",             sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0",     dir:"\System32", bulletin:bulletin, kb:"2758694");
  vuln += hotfix_is_vulnerable(os:"5.1",             sp:3, file:"Msxml6.dll", version:"6.20.2502.0",                                dir:"\System32", bulletin:bulletin, kb:"2757638");
}

if (vuln > 0)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftxml_core_servicescpe:/a:microsoft:xml_core_services
microsoftexpression_webcpe:/a:microsoft:expression_web
microsoftgroove_servercpe:/a:microsoft:groove_server
microsoftofficecpe:/a:microsoft:office
microsoftoffice_compatibility_packcpe:/a:microsoft:office_compatibility_pack
microsoftsharepoint_servercpe:/a:microsoft:sharepoint_server
microsoftword_viewercpe:/a:microsoft:word_viewer
microsoftwindowscpe:/o:microsoft:windows

Related

openvas 2
mskb 1
cve 2
symantec 2
prion 2
nvd 2
cvelist 2
checkpoint_advisories 2
seebug 2
ics 1
securityvulns 1
openvas
openvas
Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)
2013-01-09 00:00:00
Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)
2013-01-09 00:00:00
mskb
mskb
MS13-002: Vulnerabilities in Microsoft XML core services could allow remote code execution: January 8, 2013
2013-01-08 00:00:00
cve
cve
CVE-2013-0007
2013-01-09 18:09:40
CVE-2013-0006
2013-01-09 18:09:40
symantec
symantec
Microsoft XML Core Services CVE-2013-0007 Remote Code Execution Vulnerability
2013-01-08 00:00:00
Microsoft XML Core Services CVE-2013-0006 Remote Code Execution Vulnerability
2013-01-08 00:00:00
prion
prion
Design/Logic Flaw
2013-01-09 18:09:00
Integer overflow
2013-01-09 18:09:00
nvd
nvd
CVE-2013-0007
2013-01-09 18:09:40
CVE-2013-0006
2013-01-09 18:09:40
cvelist
cvelist
CVE-2013-0007
2013-01-09 18:00:00
CVE-2013-0006
2013-01-09 18:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows MSXML XSLT Remote Code Execution (MS13-002; CVE-2013-0007)
2013-01-08 00:00:00
Microsoft XML Core Services Integer Truncation Memory Corruption (MS13-002; CVE-2013-0006)
2013-02-24 00:00:00
seebug
seebug
Microsoft XML Core Services XSLT解析漏洞(MS13-002)
2013-01-09 00:00:00
Microsoft XML Core Services整数截断漏洞(MS13-002)
2013-01-09 00:00:00
ics
ics
OSIsoft PI Interface for OPC XML-DA
2020-11-10 12:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-01-10 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%

JSON
Related for SMB_NT_MS13-002.NASL
openvas2mskb1cve2symantec2prion2nvd2cvelist2checkpoint_advisories2seebug2ics1securityvulns1