Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS14-035.NASL
HistoryJun 11, 2014 - 12:00 a.m.

MS14-035: Cumulative Security Update for Internet Explorer (2969262)

2014-06-1100:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
73
JSON

The remote host is missing Internet Explorer (IE) Security Update 2969262.

The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74427);
  script_version("1.22");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id(
    "CVE-2014-0282",
    "CVE-2014-1762",
    "CVE-2014-1764",
    "CVE-2014-1766",
    "CVE-2014-1769",
    "CVE-2014-1770",
    "CVE-2014-1771",
    "CVE-2014-1772",
    "CVE-2014-1773",
    "CVE-2014-1774",
    "CVE-2014-1775",
    "CVE-2014-1777",
    "CVE-2014-1778",
    "CVE-2014-1779",
    "CVE-2014-1780",
    "CVE-2014-1781",
    "CVE-2014-1782",
    "CVE-2014-1783",
    "CVE-2014-1784",
    "CVE-2014-1785",
    "CVE-2014-1786",
    "CVE-2014-1788",
    "CVE-2014-1789",
    "CVE-2014-1790",
    "CVE-2014-1791",
    "CVE-2014-1792",
    "CVE-2014-1794",
    "CVE-2014-1795",
    "CVE-2014-1796",
    "CVE-2014-1797",
    "CVE-2014-1799",
    "CVE-2014-1800",
    "CVE-2014-1802",
    "CVE-2014-1803",
    "CVE-2014-1804",
    "CVE-2014-1805",
    "CVE-2014-2753",
    "CVE-2014-2754",
    "CVE-2014-2755",
    "CVE-2014-2756",
    "CVE-2014-2757",
    "CVE-2014-2758",
    "CVE-2014-2759",
    "CVE-2014-2760",
    "CVE-2014-2761",
    "CVE-2014-2763",
    "CVE-2014-2764",
    "CVE-2014-2765",
    "CVE-2014-2766",
    "CVE-2014-2767",
    "CVE-2014-2768",
    "CVE-2014-2769",
    "CVE-2014-2770",
    "CVE-2014-2771",
    "CVE-2014-2772",
    "CVE-2014-2773",
    "CVE-2014-2775",
    "CVE-2014-2776",
    "CVE-2014-2777",
    "CVE-2014-2782"
  );
  script_bugtraq_id(
    67295,
    67511,
    67518,
    67544,
    67827,
    67831,
    67833,
    67834,
    67835,
    67836,
    67838,
    67839,
    67840,
    67841,
    67842,
    67843,
    67845,
    67846,
    67847,
    67848,
    67849,
    67850,
    67851,
    67852,
    67854,
    67855,
    67856,
    67857,
    67858,
    67859,
    67860,
    67861,
    67862,
    67864,
    67866,
    67867,
    67869,
    67871,
    67873,
    67874,
    67875,
    67876,
    67877,
    67878,
    67879,
    67880,
    67881,
    67882,
    67883,
    67884,
    67885,
    67886,
    67887,
    67889,
    67890,
    67891,
    67892,
    67915,
    68101
  );
  script_xref(name:"CERT", value:"239151");
  script_xref(name:"EDB-ID", value:"33860");
  script_xref(name:"EDB-ID", value:"35213");
  script_xref(name:"MSFT", value:"MS14-035");
  script_xref(name:"MSKB", value:"2957689");
  script_xref(name:"MSKB", value:"2963950");

  script_name(english:"MS14-035: Cumulative Security Update for Internet Explorer (2969262)");
  script_summary(english:"Checks version of Mshtml.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2969262.

The version of Internet Explorer installed on the remote host is
affected by multiple vulnerabilities, the majority of which are remote
code execution vulnerabilities. An attacker could exploit these
vulnerabilities by convincing a user to visit a specially crafted web
page.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-035");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532798/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/532799/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-194/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-193/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-192/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-191/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-190/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-189/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-188/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-187/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-186/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-185/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-184/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-183/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-182/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-181/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-180/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-179/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-178/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-177/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-176/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-175/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-174/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-140/");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Internet Explorer 6, 7, 8,
9, 10, and 11.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1764");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-035';
kb = '2957689';

kbs = make_list(kb, '2963950');
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8.1 / 2012 R2
  #
  # - Internet Explorer 11 with KB2919355 applied
  hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.17126", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 11 without KB2919355 applied
  hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.16668", min_version:"11.0.0.0", dir:"\system32", bulletin:bulletin, kb:'2963950') ||

  # Windows 8 / 2012
  #
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.21044", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.16921", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  # - Internet Explorer 11 with KB2929437 applied
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.17126", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 11 without KB2929437 applied
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.16668", min_version:"11.0.0.0", dir:"\system32", bulletin:bulletin, kb:'2963950') ||
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.21044", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.16921", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.20666", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.16555", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22686", min_version:"8.0.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18472", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20666", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16555", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23598", min_version:"8.0.6001.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19539", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23389", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.19098", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # Windows 2003
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23598", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21389", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5341",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftiecpe:/a:microsoft:ie

References

Related

mskb 1
kaspersky 1
openvas 1
cve 56
prion 57
securityvulns 3
checkpoint_advisories 12
zdi 25
symantec 36
zdt 3
nessus 1
thn 2
packetstorm 1
mskb
mskb
MS14-035: Cumulative security update for Internet Explorer: June 10, 2014
2014-06-10 00:00:00
kaspersky
kaspersky
KLA10010 Multiple vulnerabilities at Microsoft Internet Explorer
2014-06-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2969262)
2014-06-11 00:00:00
cve
cve
CVE-2014-2782
2014-06-19 10:50:00
CVE-2014-1795
2014-06-11 04:56:00
CVE-2014-2765
2014-06-11 04:56:00
prion
prion
Memory corruption
2014-06-19 10:50:00
Memory corruption
2014-06-11 04:56:00
Memory corruption
2014-06-11 04:56:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-07-21 00:00:00
VUPEN Security Research - Microsoft Internet Explorer &quot;Request&quot; Object Confusion Sandbox Bypass &#40;Pwn2Own 2014&#41;
2014-07-21 00:00:00
VUPEN Security Research - Microsoft Internet Explorer &quot;ShowSaveFileDialog&#40;&#41;&quot; Sandbox Bypass &#40;Pwn2Own 2014&#41;
2014-07-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1800)
2014-06-10 00:00:00
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1795)
2014-06-10 00:00:00
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1804)
2014-06-10 00:00:00
zdi
zdi
Microsoft Internet Explorer textContent Heap Buffer Overflow Remote Code Execution Vulnerability
2014-06-11 00:00:00
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
2014-06-11 00:00:00
(Pwn2Own) Microsoft Internet Explorer CDispNodeBase Use-After-Free Remote Code Execution Vulnerability
2014-06-11 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2014-2772 Remote Memory Corruption Vulnerability
2014-06-10 00:00:00
Microsoft Internet Explorer CVE-2014-1800 Remote Memory Corruption Vulnerability
2014-06-10 00:00:00
Microsoft Internet Explorer CVE-2014-1778 Remote Privilege Escalation Vulnerability
2014-06-10 00:00:00
zdt
zdt
Internet Explorer 8 MS14-035 Use-After-Free Exploit
2014-11-10 00:00:00
Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
2016-12-21 00:00:00
Internet Explorer 8, 9, 10 - CInput Use-After-Free (MS14-035) - Crash PoC
2014-06-30 00:00:00
nessus
nessus
Microsoft Internet Explorer 8 CMarkup Use-After-Free Remote Code Execution
2014-05-22 00:00:00
thn
thn
Microsoft to Patch Critical Internet Explorer Zero-Day Vulnerability Next Tuesday
2014-06-05 20:52:00
Exploit-Selling Firm Kept Internet Explorer Zero-Day Vulnerability Hidden for 3 Years
2014-07-24 03:57:00
packetstorm
packetstorm
Internet Explorer 8 MS14-035 Use-After-Free
2014-11-11 00:00:00
JSON
Related for SMB_NT_MS14-035.NASL
mskb1kaspersky1openvas1cve56prion57securityvulns3checkpoint_advisories12zdi25symantec36zdt3nessus1thn2packetstorm1