Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2022 Tenable Network Security, Inc.SMB_NT_MS13-037.NASL
HistoryMay 15, 2013 - 12:00 a.m.

MS13-037: Cumulative Security Update for Internet Explorer (2829530)

2013-05-1500:00:00
This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.
www.tenable.com
36
JSON

The remote host is missing Internet Explorer (IE) Security Update 2829530.

The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(66412);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/29");

  script_cve_id(
    "CVE-2013-0811",
    "CVE-2013-1297",
    "CVE-2013-1306",
    "CVE-2013-1307",
    "CVE-2013-1308",
    "CVE-2013-1309",
    "CVE-2013-1310",
    "CVE-2013-1311",
    "CVE-2013-1312",
    "CVE-2013-2551",
    "CVE-2013-3140"
  );
  script_bugtraq_id(
    58570,
    59734,
    59737,
    59745,
    59746,
    59747,
    59748,
    59751,
    59752,
    59753,
    59754
  );
  script_xref(name:"MSFT", value:"MS13-037");
  script_xref(name:"MSKB", value:"2829530");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/18");

  script_name(english:"MS13-037: Cumulative Security Update for Internet Explorer (2829530)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple code execution
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2829530.

The installed version of IE is affected by multiple vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/526657/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/526659/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-081/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-082/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-083/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-084/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-085/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-102/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-103/");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-037");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
2008 R2, 8, and 2012.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-3140");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS13-037 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS13-037';
kb = '2829530';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8 / 2012
  #
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.2",             file:"Mshtml.dll", version:"10.0.9200.20682", min_version:"10.0.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", arch:"x64", file:"Mshtml.dll", version:"10.0.9200.16579", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", arch:"x86", file:"Mshtml.dll", version:"10.0.9200.16578", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  #
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.20681", min_version:"10.0.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.16576", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20593", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16483", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22296", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18126", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20593", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16483", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23486", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19418", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23095", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18823", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23486", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21335", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5149",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23486", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21335", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6380",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftiecpe:/a:microsoft:ie
microsoftwindowscpe:/o:microsoft:windows

References

Related

openvas 2
securityvulns 2
mskb 1
prion 11
cve 11
attackerkb 2
packetstorm 4
cisa_kev 1
saint 8
symantec 10
threatpost 5
checkpoint_advisories 13
zdi 6
seebug 2
zdt 2
malwarebytes 1
thn 1
qualysblog 1
openvas
openvas
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)
2013-05-15 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2013-05-27 00:00:00
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow &#40;MS13-037 / Pwn2Own&#41;
2013-05-27 00:00:00
mskb
mskb
MS13-037: Cumulative Security Update for Internet Explorer: May 14, 2013
2013-05-14 00:00:00
prion
prion
Design/Logic Flaw
2013-05-15 03:36:00
Design/Logic Flaw
2013-05-15 03:36:00
Design/Logic Flaw
2013-03-11 10:55:00
cve
cve
CVE-2013-1308
2013-05-15 03:36:00
CVE-2013-1309
2013-05-15 03:36:00
CVE-2013-2551
2013-03-11 10:55:00
attackerkb
attackerkb
CVE-2013-2551
2013-03-11 00:00:00
CVE-2013-1308
2013-05-15 00:00:00
packetstorm
packetstorm
MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
2013-06-13 00:00:00
Microsoft Internet Explorer MSHTML CDispNode::InsertSiblingNode Use-After-Free
2016-12-09 00:00:00
Microsoft Internet Explorer 9 MSHTML CDispNode::InsertSiblingNode Use-After-Free
2016-12-08 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-03-28 00:00:00
saint
saint
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
Internet Explorer VML Dashstyle Attributes Integer Overflow
2013-06-03 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2013-2551 Use-After-Free Remote Code Execution Vulnerability
2013-03-11 00:00:00
Microsoft Internet Explorer CVE-2013-1310 Use-After-Free Remote Code Execution Vulnerability
2013-05-14 00:00:00
Microsoft Internet Explorer JSON Array CVE-2013-1297 Information Disclosure Vulnerability
2013-05-14 00:00:00
threatpost
threatpost
Terror Exploit Kit Evolves Into Larger Threat
2017-05-19 14:22:23
Inside the RIG Exploit Kit
2016-11-04 17:58:47
Malvertising Campaign Hits AOL Ad Network, Leads to Exploit Kit
2015-01-06 14:25:29
checkpoint_advisories
checkpoint_advisories
Internet Explorer VML Objects Use After Free (MS13-037; CVE-2013-2551)
2013-05-14 00:00:00
Suspicious Javascript Variable Names (CVE-2013-2551)
2013-12-10 00:00:00
Suspicious HTML Containing Overly Long Text (CVE-2013-2551)
2014-02-25 00:00:00
zdi
zdi
(Pwn2Own) Microsoft Internet Explorer VML Parsing Remote Code Execution Vulnerabillity
2013-05-29 00:00:00
Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
2013-05-29 00:00:00
Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability
2013-05-29 00:00:00
seebug
seebug
Microsoft Internet Explorer 不明细节远程代码执行漏洞(CVE-2013-2551)
2013-03-20 00:00:00
Microsoft Internet Explorer 释放后重用远程代码执行漏洞(CVE-2013-0811)(MS13-037)
2013-05-17 00:00:00
zdt
zdt
Microsoft Internet Explorer 9 MSHTML - CDisp­Node::Insert­Sibling­Node Use-After-Free (MS13-037) (1)
2016-12-10 00:00:00
MS13-037 Microsoft Internet Explorer textNode Use-After-Free
2013-06-07 00:00:00
malwarebytes
malwarebytes
RIG exploit kit distributes Princess ransomware
2017-08-31 20:04:32
thn
thn
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
2023-02-27 15:33:00
qualysblog
qualysblog
The Rise of Ransomware
2021-10-05 12:50:00
JSON
Related for SMB_NT_MS13-037.NASL
openvas2securityvulns2mskb1prion11cve11attackerkb2packetstorm4cisa_kev1saint8symantec10threatpost5checkpoint_advisories13zdi6seebug2zdt2malwarebytes1thn1qualysblog1