Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.SMB_NT_MS13-021.NASL
HistoryMar 12, 2013 - 12:00 a.m.

MS13-021: Security Update for Internet Explorer (2809289)

2013-03-1200:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
22
JSON

The remote host is missing Internet Explorer (IE) Security Update 2809289.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(65210);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id(
    "CVE-2013-0087",
    "CVE-2013-0088",
    "CVE-2013-0089",
    "CVE-2013-0090",
    "CVE-2013-0091",
    "CVE-2013-0092",
    "CVE-2013-0093",
    "CVE-2013-0094",
    "CVE-2013-1288"
  );
  script_bugtraq_id(
    58341,
    58342,
    58343,
    58344,
    58345,
    58346,
    58347,
    58348,
    58437
  );
  script_xref(name:"MSFT", value:"MS13-021");
  script_xref(name:"MSKB", value:"2809289");

  script_name(english:"MS13-021: Security Update for Internet Explorer (2809289)");
  script_summary(english:"Checks version of Mshtml.dll");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple code execution
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2809289.

The installed version of IE is affected by multiple vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-043/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-044/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-045/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-046/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-047/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/526051/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/526052/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-097/");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-021");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
2008 R2, 8, and 2012.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS13-021';
kb = '2809289';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8 / 2012
  #
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.2",       file:"Mshtml.dll", version:"10.0.9200.20630", min_version:"10.0.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2",       file:"Mshtml.dll", version:"10.0.9200.16525", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20580", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16470", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22258", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18094", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21471", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.17256", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20580", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16470", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23471", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19403", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23032", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18778", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23471", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19403", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21325", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17123", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5120",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23471", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19403", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21325", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17123", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6347",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftiecpe:/a:microsoft:ie
microsoftwindowscpe:/o:microsoft:windows

References

Related

mskb 1
openvas 2
securityvulns 3
cve 9
cvelist 9
checkpoint_advisories 10
symantec 9
prion 9
zdi 6
packetstorm 1
seebug 2
threatpost 1
fireeye 1
mskb
mskb
MS13-021: Cumulative Security Update for Internet Explorer: March 12, 2013
2013-03-12 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2809289)
2013-03-13 00:00:00
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2809289)
2013-03-13 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-03-24 00:00:00
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 &quot;OnResize&quot; Use-after-free &#40;MS13-021 / CVE-2013-0087&#41;
2013-03-24 00:00:00
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 &quot;OnMove&quot; Use-after-free &#40;MS13-021 / CVE-2013-0087&#41;
2013-03-24 00:00:00
cve
cve
CVE-2013-1288
2013-03-13 00:55:00
CVE-2013-0090
2013-03-13 00:55:00
CVE-2013-0087
2013-03-13 00:55:00
cvelist
cvelist
CVE-2013-1288
2013-03-13 00:00:00
CVE-2013-0087
2013-03-13 00:00:00
CVE-2013-0090
2013-03-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer CTreeNode Use After Free Remote Code Execution (MS13-021; CVE-2013-1288)
2013-03-12 00:00:00
Internet Explorer CCaret Use After Free Code Execution (MS13-021; CVE-2013-0090)
2013-03-12 00:00:00
Internet Explorer CMarkupBehaviorContext use after free (MS13-021; CVE-2013-0089)
2013-03-12 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2013-1288 Use-After-Free Remote Code Execution Vulnerability
2013-03-12 00:00:00
Microsoft Internet Explorer CVE-2013-0090 Use-After-Free Remote Code Execution Vulnerability
2013-03-12 00:00:00
Microsoft Internet Explorer CVE-2013-0088 Use-After-Free Remote Code Execution Vulnerability
2013-03-12 00:00:00
prion
prion
Design/Logic Flaw
2013-03-13 00:55:00
Design/Logic Flaw
2013-03-13 00:55:00
Design/Logic Flaw
2013-03-13 00:55:00
zdi
zdi
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
2013-05-29 00:00:00
Microsoft Internet Explorer CMarkupBehaviorContext Use-After-Free Remote Code Execution Vulnerability
2013-03-22 00:00:00
Microsoft Internet Explorer saveHistory Use-After-Free Remote Code Execution Vulnerability
2013-03-22 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer 9 IEFRAME CView::EnsureSize Use-After-Free
2016-12-16 00:00:00
seebug
seebug
Microsoft Internet Explorer CElement ι‡Šζ”ΎεŽι‡η”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-0091)(MS13-021)
2013-03-15 00:00:00
Microsoft Internet Explorer removeChildι‡Šζ”ΎεŽι‡η”¨θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-0094)(MS13-021)
2013-03-15 00:00:00
threatpost
threatpost
Critical IE, Windows Kernel Flaws Patched
2013-03-12 18:28:50
fireeye
fireeye
Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents
2013-03-20 17:26:00
JSON
Related for SMB_NT_MS13-021.NASL
mskb1openvas2securityvulns3cve9cvelist9checkpoint_advisories10symantec9prion9zdi6packetstorm1seebug2threatpost1fireeye1