The remote host is missing Internet Explorer (IE) Security Update 2838727.
The installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(66863);
script_version("1.13");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id(
"CVE-2013-3110",
"CVE-2013-3111",
"CVE-2013-3112",
"CVE-2013-3113",
"CVE-2013-3114",
"CVE-2013-3116",
"CVE-2013-3117",
"CVE-2013-3118",
"CVE-2013-3119",
"CVE-2013-3120",
"CVE-2013-3121",
"CVE-2013-3122",
"CVE-2013-3123",
"CVE-2013-3124",
"CVE-2013-3125",
"CVE-2013-3126",
"CVE-2013-3139",
"CVE-2013-3141",
"CVE-2013-3142"
);
script_bugtraq_id(
60374,
60376,
60377,
60378,
60379,
60380,
60381,
60382,
60383,
60384,
60385,
60386,
60387,
60388,
60389,
60390,
60391,
60392,
60393
);
script_xref(name:"MSFT", value:"MS13-047");
script_xref(name:"MSKB", value:"2838727");
script_name(english:"MS13-047: Cumulative Security Update for Internet Explorer (2838727)");
script_summary(english:"Checks version of Mshtml.dll");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple code execution
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2838727.
The installed version of IE is affected by multiple vulnerabilities that
could allow an attacker to execute arbitrary code on the remote host.");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-133/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-134/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-135/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-136/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-137/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-138/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-139/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-140/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-141/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-143/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-144/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-145/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-146/");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-047");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
2008 R2, 8, and 2012.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/11");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS13-047';
kb = '2838727';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 8 / 2012
#
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.20717", min_version:"10.0.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.16612", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 7 / 2008 R2
#
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.20719", min_version:"10.0.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.16614", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.20600", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.16490", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22326", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18156", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Vista / 2008
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20600", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16490", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23501", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19437", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23109", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18837", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003 / XP 64-bit
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23501", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21337", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5161", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows XP x86
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23501", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21337", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6391", min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3142
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-047
www.zerodayinitiative.com/advisories/ZDI-13-133/
www.zerodayinitiative.com/advisories/ZDI-13-134/
www.zerodayinitiative.com/advisories/ZDI-13-135/
www.zerodayinitiative.com/advisories/ZDI-13-136/
www.zerodayinitiative.com/advisories/ZDI-13-137/
www.zerodayinitiative.com/advisories/ZDI-13-138/
www.zerodayinitiative.com/advisories/ZDI-13-139/
www.zerodayinitiative.com/advisories/ZDI-13-140/
www.zerodayinitiative.com/advisories/ZDI-13-141/
www.zerodayinitiative.com/advisories/ZDI-13-143/
www.zerodayinitiative.com/advisories/ZDI-13-144/
www.zerodayinitiative.com/advisories/ZDI-13-145/
www.zerodayinitiative.com/advisories/ZDI-13-146/