The remote host is missing Internet Explorer (IE) Security Update 2969262.
The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(74427);
script_version("1.22");
script_cvs_date("Date: 2019/11/26");
script_cve_id(
"CVE-2014-0282",
"CVE-2014-1762",
"CVE-2014-1764",
"CVE-2014-1766",
"CVE-2014-1769",
"CVE-2014-1770",
"CVE-2014-1771",
"CVE-2014-1772",
"CVE-2014-1773",
"CVE-2014-1774",
"CVE-2014-1775",
"CVE-2014-1777",
"CVE-2014-1778",
"CVE-2014-1779",
"CVE-2014-1780",
"CVE-2014-1781",
"CVE-2014-1782",
"CVE-2014-1783",
"CVE-2014-1784",
"CVE-2014-1785",
"CVE-2014-1786",
"CVE-2014-1788",
"CVE-2014-1789",
"CVE-2014-1790",
"CVE-2014-1791",
"CVE-2014-1792",
"CVE-2014-1794",
"CVE-2014-1795",
"CVE-2014-1796",
"CVE-2014-1797",
"CVE-2014-1799",
"CVE-2014-1800",
"CVE-2014-1802",
"CVE-2014-1803",
"CVE-2014-1804",
"CVE-2014-1805",
"CVE-2014-2753",
"CVE-2014-2754",
"CVE-2014-2755",
"CVE-2014-2756",
"CVE-2014-2757",
"CVE-2014-2758",
"CVE-2014-2759",
"CVE-2014-2760",
"CVE-2014-2761",
"CVE-2014-2763",
"CVE-2014-2764",
"CVE-2014-2765",
"CVE-2014-2766",
"CVE-2014-2767",
"CVE-2014-2768",
"CVE-2014-2769",
"CVE-2014-2770",
"CVE-2014-2771",
"CVE-2014-2772",
"CVE-2014-2773",
"CVE-2014-2775",
"CVE-2014-2776",
"CVE-2014-2777",
"CVE-2014-2782"
);
script_bugtraq_id(
67295,
67511,
67518,
67544,
67827,
67831,
67833,
67834,
67835,
67836,
67838,
67839,
67840,
67841,
67842,
67843,
67845,
67846,
67847,
67848,
67849,
67850,
67851,
67852,
67854,
67855,
67856,
67857,
67858,
67859,
67860,
67861,
67862,
67864,
67866,
67867,
67869,
67871,
67873,
67874,
67875,
67876,
67877,
67878,
67879,
67880,
67881,
67882,
67883,
67884,
67885,
67886,
67887,
67889,
67890,
67891,
67892,
67915,
68101
);
script_xref(name:"CERT", value:"239151");
script_xref(name:"EDB-ID", value:"33860");
script_xref(name:"EDB-ID", value:"35213");
script_xref(name:"MSFT", value:"MS14-035");
script_xref(name:"MSKB", value:"2957689");
script_xref(name:"MSKB", value:"2963950");
script_name(english:"MS14-035: Cumulative Security Update for Internet Explorer (2969262)");
script_summary(english:"Checks version of Mshtml.dll.");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2969262.
The version of Internet Explorer installed on the remote host is
affected by multiple vulnerabilities, the majority of which are remote
code execution vulnerabilities. An attacker could exploit these
vulnerabilities by convincing a user to visit a specially crafted web
page.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-035");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532798/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532799/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-194/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-193/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-192/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-191/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-190/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-189/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-188/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-187/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-186/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-185/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-184/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-183/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-182/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-181/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-180/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-179/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-178/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-177/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-176/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-175/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-174/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-140/");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Internet Explorer 6, 7, 8,
9, 10, and 11.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1764");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/21");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS14-035';
kb = '2957689';
kbs = make_list(kb, '2963950');
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 8.1 / 2012 R2
#
# - Internet Explorer 11 with KB2919355 applied
hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.17126", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 11 without KB2919355 applied
hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.16668", min_version:"11.0.0.0", dir:"\system32", bulletin:bulletin, kb:'2963950') ||
# Windows 8 / 2012
#
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.21044", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.16921", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 7 / 2008 R2
# - Internet Explorer 11 with KB2929437 applied
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.17126", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 11 without KB2929437 applied
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.16668", min_version:"11.0.0.0", dir:"\system32", bulletin:bulletin, kb:'2963950') ||
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.21044", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.16921", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.20666", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.16555", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22686", min_version:"8.0.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18472", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Vista / 2008
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20666", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16555", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23598", min_version:"8.0.6001.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19539", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23389", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.19098", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23598", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21389", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5341", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0282
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1780
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1783
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1785
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1788
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1789
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1790
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1791
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1795
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1800
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2782
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-035
www.securityfocus.com/archive/1/532798/30/0/threaded
www.securityfocus.com/archive/1/532799/30/0/threaded
www.zerodayinitiative.com/advisories/ZDI-14-140/
www.zerodayinitiative.com/advisories/ZDI-14-174/
www.zerodayinitiative.com/advisories/ZDI-14-175/
www.zerodayinitiative.com/advisories/ZDI-14-176/
www.zerodayinitiative.com/advisories/ZDI-14-177/
www.zerodayinitiative.com/advisories/ZDI-14-178/
www.zerodayinitiative.com/advisories/ZDI-14-179/
www.zerodayinitiative.com/advisories/ZDI-14-180/
www.zerodayinitiative.com/advisories/ZDI-14-181/
www.zerodayinitiative.com/advisories/ZDI-14-182/
www.zerodayinitiative.com/advisories/ZDI-14-183/
www.zerodayinitiative.com/advisories/ZDI-14-184/
www.zerodayinitiative.com/advisories/ZDI-14-185/
www.zerodayinitiative.com/advisories/ZDI-14-186/
www.zerodayinitiative.com/advisories/ZDI-14-187/
www.zerodayinitiative.com/advisories/ZDI-14-188/
www.zerodayinitiative.com/advisories/ZDI-14-189/
www.zerodayinitiative.com/advisories/ZDI-14-190/
www.zerodayinitiative.com/advisories/ZDI-14-191/
www.zerodayinitiative.com/advisories/ZDI-14-192/
www.zerodayinitiative.com/advisories/ZDI-14-193/
www.zerodayinitiative.com/advisories/ZDI-14-194/