Lucene search
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.SMB_NT_MS13-033.NASLHistoryApr 10, 2013 - 12:00 a.m.
MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)
2013-04-1000:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
15
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
14.4%
The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host has a privilege escalation vulnerability due to an improper handling of objects in memory. An attacker who successfully exploits this vulnerability can execute arbitrary code in the context of the local system. The attacker could then install or modify applications as well as create new accounts with full user rights.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(65880);
script_version("1.8");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id("CVE-2013-1295");
script_bugtraq_id(58886);
script_xref(name:"MSFT", value:"MS13-033");
script_xref(name:"MSKB", value:"2820917");
script_xref(name:"IAVB", value:"2013-B-0034");
script_name(english:"MS13-033: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2820917)");
script_summary(english:"Checks the version of Winsrv.dll");
script_set_attribute(
attribute:"synopsis",
value:"The remote Windows host has a privilege escalation vulnerability."
);
script_set_attribute(
attribute:"description",
value:
"The Windows Client/Server Run-time Subsystem (CSRSS) on the remote host
has a privilege escalation vulnerability due to an improper handling of
objects in memory. An attacker who successfully exploits this
vulnerability can execute arbitrary code in the context of the local
system. The attacker could then install or modify applications as well
as create new accounts with full user rights."
);
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-033");
script_set_attribute(
attribute:"solution",
value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
and 2008."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2013/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS13-033';
kb = "2820917";
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows Vista / 2008
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Winsrv.dll", version:"6.0.6002.23075", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Winsrv.dll", version:"6.0.6002.18804", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003 / XP 64-bit
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Winsrv.dll", version:"5.2.3790.5138", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows XP 32-bit
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Winsrv.dll", version:"5.1.2600.6368", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
cvelist
cvelist
CVE-2013-1295
2013-04-09 22:00:00
nvd
nvd
CVE-2013-1295
2013-04-09 22:55:01
symantec
symantec
openvas
openvas
cve
cve
CVE-2013-1295
2013-04-09 22:55:01
prion
prion
Memory corruption
2013-04-09 22:55:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-04-12 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
14.4%
Related for SMB_NT_MS13-033.NASL