The remote host is missing Internet Explorer (IE) Security Update 2976627.
The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these by convincing a user to visit a specially crafted web page.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(77169);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");
script_cve_id(
"CVE-2014-2774",
"CVE-2014-2784",
"CVE-2014-2796",
"CVE-2014-2808",
"CVE-2014-2810",
"CVE-2014-2811",
"CVE-2014-2817",
"CVE-2014-2818",
"CVE-2014-2819",
"CVE-2014-2820",
"CVE-2014-2821",
"CVE-2014-2822",
"CVE-2014-2823",
"CVE-2014-2824",
"CVE-2014-2825",
"CVE-2014-2826",
"CVE-2014-2827",
"CVE-2014-4050",
"CVE-2014-4051",
"CVE-2014-4052",
"CVE-2014-4055",
"CVE-2014-4056",
"CVE-2014-4057",
"CVE-2014-4058",
"CVE-2014-4063",
"CVE-2014-4067",
"CVE-2014-4145",
"CVE-2014-6354",
"CVE-2014-8985"
);
script_bugtraq_id(
69090,
69092,
69095,
69100,
69101,
69103,
69104,
69106,
69115,
69116,
69117,
69118,
69119,
69120,
69121,
69122,
69124,
69125,
69126,
69127,
69128,
69129,
69130,
69131,
69132,
69134,
72593,
99810
);
script_xref(name:"MSFT", value:"MS14-051");
script_xref(name:"MSKB", value:"2976627");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");
script_name(english:"MS14-051: Cumulative Security Update for Internet Explorer (2976627)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2976627.
The version of Internet Explorer installed on the remote host is
affected by multiple vulnerabilities, the majority of which are remote
code execution vulnerabilities. An attacker could exploit these by
convincing a user to visit a specially crafted web page.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-051");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-285/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-15-032/");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-14-292/");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Internet Explorer 6, 7, 8,
9, 10, and 11.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4067");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-8985");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/07");
script_set_attribute(attribute:"patch_publication_date", value:"2014/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS14-051';
kb = '2976627';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 8.1 / 2012 R2
#
# - Internet Explorer 11 with KB2919355 applied
hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.17239", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 8 / 2012
#
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.21173", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.17054", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 7 / 2008 R2
# - Internet Explorer 11 with KB2929437 applied
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.17239", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 10
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.21173", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.17054", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.20674", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.16563", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22745", min_version:"8.0.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18534", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Vista / 2008
#
# - Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20674", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16563", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23611", min_version:"8.0.6001.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19553", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23446", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.19143", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
# Windows 2003
#
# - Internet Explorer 8
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23611", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 7
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21397", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
# - Internet Explorer 6
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5392", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2826
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8985
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-051
www.zerodayinitiative.com/advisories/ZDI-14-285/
www.zerodayinitiative.com/advisories/ZDI-14-292/
www.zerodayinitiative.com/advisories/ZDI-15-032/