Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS15-063.NASL
HistoryJun 09, 2015 - 12:00 a.m.

MS15-063: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)

2015-06-0900:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

17.8%

JSON

The remote Windows host is affected by a privilege escalation vulnerability due to improper validation of user-supplied input to the Microsoft Windows LoadLibrary. A remote attacker can exploit this vulnerability by convincing a user to place a specially crafted dynamic linked library (dll) file in a local directory or network share, and then by convincing a user to run an application that uses the malicious library, resulting in an elevation of privilege to full administrative rights.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84057);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2015-1758");
  script_bugtraq_id(75004);
  script_xref(name:"MSFT", value:"MS15-063");
  script_xref(name:"MSKB", value:"3063858");
  script_xref(name:"IAVA", value:"2015-A-0122");

  script_name(english:"MS15-063: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (3063858)");
  script_summary(english:"Checks the version of kernel32.dll or kernelbase.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a privilege escalation
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a privilege escalation
vulnerability due to improper validation of user-supplied input to the
Microsoft Windows LoadLibrary. A remote attacker can exploit this
vulnerability by convincing a user to place a specially crafted
dynamic linked library (dll) file in a local directory or network
share, and then by convincing a user to run an application that uses
the malicious library, resulting in an elevation of privilege to full
administrative rights.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-063");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, and 2012.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1758");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS15-063';
kb = "3063858";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8 / 2012
  hotfix_is_vulnerable(os:"6.2", file:"kernelbase.dll", version:"6.2.9200.21478", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", file:"kernelbase.dll", version:"6.2.9200.17366", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"kernel32.dll", version:"6.1.7601.23049", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"kernel32.dll", version:"6.1.7601.18847", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"kernel32.dll", version:"6.0.6002.23688", min_version:"6.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"kernel32.dll", version:"6.0.6002.19381", min_version:"6.0.6002.16000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

prion 1
symantec 1
openvas 1
cve 1
nvd 1
jvn 1
cvelist 1
kaspersky 1
securityvulns 1
prion
prion
Design/Logic Flaw
2015-06-10 01:59:00
symantec
symantec
Microsoft Windows LoadLibrary CVE-2015-1758 Remote Privilege Escalation Vulnerability
2015-06-09 00:00:00
openvas
openvas
Microsoft Windows Kernel Privilege Elevation Vulnerability (3063858)
2015-06-10 00:00:00
cve
cve
CVE-2015-1758
2015-06-10 01:59:30
nvd
nvd
CVE-2015-1758
2015-06-10 01:59:30
jvn
jvn
JVN#18146081: LoadLibrary function in Microsoft Windows fails to validate input properly
2015-06-12 00:00:00
cvelist
cvelist
CVE-2015-1758
2015-06-10 01:00:00
kaspersky
kaspersky
KLA10599 Multiple vulnerabilities in Microsoft Products
2015-06-09 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-06-13 00:00:00

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

17.8%

JSON
Related for SMB_NT_MS15-063.NASL
prion1symantec1openvas1cve1nvd1jvn1cvelist1kaspersky1securityvulns1