Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.SMB_NT_MS15-056.NASL
HistoryJun 09, 2015 - 12:00 a.m.

MS15-056: Cumulative Security Update for Internet Explorer (3058515)

2015-06-0900:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
40

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.867 High

EPSS

Percentile

98.6%

JSON

The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3058515. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website.

Note that the majority of the vulnerabilities addressed by Cumulative Security Update 3058515 are mitigated by the Enhanced Security Configuration (ESC) mode which is enabled by default on Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84053);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id(
    "CVE-2015-1687",
    "CVE-2015-1730",
    "CVE-2015-1731",
    "CVE-2015-1732",
    "CVE-2015-1735",
    "CVE-2015-1736",
    "CVE-2015-1737",
    "CVE-2015-1739",
    "CVE-2015-1740",
    "CVE-2015-1741",
    "CVE-2015-1742",
    "CVE-2015-1743",
    "CVE-2015-1744",
    "CVE-2015-1745",
    "CVE-2015-1747",
    "CVE-2015-1748",
    "CVE-2015-1750",
    "CVE-2015-1751",
    "CVE-2015-1752",
    "CVE-2015-1753",
    "CVE-2015-1754",
    "CVE-2015-1755",
    "CVE-2015-1765",
    "CVE-2015-1766"
  );
  script_bugtraq_id(
    74972,
    74973,
    74974,
    74975,
    74976,
    74978,
    74979,
    74981,
    74982,
    74983,
    74984,
    74985,
    74986,
    74987,
    74988,
    74989,
    74990,
    74991,
    74992,
    74993,
    74994,
    74995,
    74996,
    74997,
    75182
  );
  script_xref(name:"MSFT", value:"MS15-056");
  script_xref(name:"MSKB", value:"3058515");

  script_name(english:"MS15-056: Cumulative Security Update for Internet Explorer (3058515)");
  script_summary(english:"Checks the version of Mshtml.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Internet Explorer installed on the remote host is
missing Cumulative Security Update 3058515. It is, therefore, affected
by multiple vulnerabilities, the majority of which are remote code
execution vulnerabilities. An attacker can exploit these
vulnerabilities by convincing a user to visit a specially crafted
website.

Note that the majority of the vulnerabilities addressed by Cumulative
Security Update 3058515 are mitigated by the Enhanced Security
Configuration (ESC) mode which is enabled by default on Windows Server
2003, 2008, 2008 R2, 2012, and 2012 R2.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-056");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Internet Explorer 6, 7, 8,
9, 10, and 11.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS15-056';
kb       = '3058515';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
# Some of the 2k3 checks could flag XP 64, which is unsupported
if ("Windows XP" >< productname) audit(AUDIT_OS_SP_NOT_VULN);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

vuln   = 0;

if (
  # Windows 8.1 / 2012 R2
  #
  # - Internet Explorer 11 with 3058515 applied
  hotfix_is_vulnerable(os:"6.3", file:"Mshtml.dll", version:"11.0.9600.17842", min_version:"11.0.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 8 / 2012
  #
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.21489", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", file:"Mshtml.dll", version:"10.0.9200.17377", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  # - Internet Explorer 11 with 3058515 applied
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"11.0.9600.17842", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 10
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.21489", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"10.0.9200.17377", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.20774", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"9.0.8112.16659", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.23073", min_version:"8.0.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.18870", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20774", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16659", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23687", min_version:"8.0.6001.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19632", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.23690", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.19383", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23687", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7 64bit
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21466", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5624",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb)
) vuln++;

if( vuln )
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftiecpe:/a:microsoft:ie

References

Related

openvas 1
kaspersky 1
securityvulns 1
cve 24
prion 24
cvelist 24
nvd 24
symantec 24
checkpoint_advisories 22
hackerone 1
zdi 9
zdt 1
packetstorm 1
seebug 1
openvas
openvas
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3058515)
2015-06-10 00:00:00
kaspersky
kaspersky
KLA10594 Multiple vulnerabilities in Microsoft Internet Explorer
2015-06-09 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-06-13 00:00:00
cve
cve
CVE-2015-1742
2015-06-10 01:59:18
CVE-2015-1750
2015-06-10 01:59:23
CVE-2015-1745
2015-06-10 01:59:21
prion
prion
Memory corruption
2015-06-10 01:59:00
Memory corruption
2015-06-10 01:59:00
Memory corruption
2015-06-10 01:59:00
cvelist
cvelist
CVE-2015-1750
2015-06-10 01:00:00
CVE-2015-1740
2015-06-10 01:00:00
CVE-2015-1745
2015-06-10 01:00:00
nvd
nvd
CVE-2015-1740
2015-06-10 01:59:16
CVE-2015-1745
2015-06-10 01:59:21
CVE-2015-1732
2015-06-10 01:59:12
symantec
symantec
Microsoft Internet Explorer CVE-2015-1755 Remote Memory Corruption Vulnerability
2015-06-09 00:00:00
Microsoft Internet Explorer CVE-2015-1754 Remote Memory Corruption Vulnerability
2015-06-09 00:00:00
Microsoft Internet Explorer CVE-2015-1744 Remote Memory Corruption Vulnerability
2015-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1755)
2015-06-09 00:00:00
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1744)
2015-06-09 00:00:00
Microsoft Internet Explorer Memory Corruption (MS15-056: CVE-2015-1751)
2015-06-09 00:00:00
hackerone
hackerone
Sandbox Escape: Microsoft Internet Explorer ActiveX Broker Allows EPM Bypass
2015-06-09 19:16:17
zdi
zdi
(Pwn2Own) Microsoft Internet Explorer ActiveX Install Broker Sandbox Escape Vulnerability
2015-07-09 00:00:00
(Pwn2Own) Microsoft Internet Explorer DataView Memory Corruption Remote Code Execution Vulnerability
2015-06-11 00:00:00
Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability
2015-06-11 00:00:00
zdt
zdt
Microsoft Internet Explorer jscript9 - Java­Script­Stack­Walker Memory Corruption (MS15-056)
2016-12-06 00:00:00
packetstorm
packetstorm
Microsoft Internet Explorer 9 jscript9 JavaScriptStackWalker Memory Corruption
2016-12-06 00:00:00
seebug
seebug
One of my first sandbox escapes and bugs (CVE-2015-1743)
2017-06-14 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.867 High

EPSS

Percentile

98.6%

JSON
Related for SMB_NT_MS15-056.NASL
openvas1kaspersky1securityvulns1cve24prion24cvelist24nvd24symantec24checkpoint_advisories22hackerone1zdi9zdt1packetstorm1seebug1