Lucene search
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.SMB_NT_MS15-112.NASLHistoryNov 10, 2015 - 12:00 a.m.
MS15-112: Cumulative Security Update for Internet Explorer (3104517)
2015-11-1000:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
83
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.939 High
EPSS
Percentile
99.1%
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3104517. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(86819);
script_version("1.12");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id(
"CVE-2015-2427",
"CVE-2015-6064",
"CVE-2015-6065",
"CVE-2015-6066",
"CVE-2015-6068",
"CVE-2015-6069",
"CVE-2015-6070",
"CVE-2015-6071",
"CVE-2015-6072",
"CVE-2015-6073",
"CVE-2015-6074",
"CVE-2015-6075",
"CVE-2015-6076",
"CVE-2015-6077",
"CVE-2015-6078",
"CVE-2015-6079",
"CVE-2015-6080",
"CVE-2015-6081",
"CVE-2015-6082",
"CVE-2015-6084",
"CVE-2015-6085",
"CVE-2015-6086",
"CVE-2015-6087",
"CVE-2015-6088",
"CVE-2015-6089"
);
script_bugtraq_id(
77439,
77440,
77441,
77442,
77443,
77444,
77445,
77446,
77447,
77448,
77449,
77450,
77451,
77452,
77453,
77454,
77455,
77456,
77457,
77459,
77461,
77467,
77468,
77469,
77470
);
script_xref(name:"MSFT", value:"MS15-112");
script_xref(name:"MSKB", value:"3100773");
script_xref(name:"MSKB", value:"3105213");
script_xref(name:"MSKB", value:"3105211");
script_name(english:"MS15-112: Cumulative Security Update for Internet Explorer (3104517)");
script_summary(english:"Checks the version of mshtml.dll.");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser installed that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Internet Explorer installed on the remote host is
missing Cumulative Security Update 3104517. It is, therefore, affected
by multiple vulnerabilities, the majority of which are remote code
execution vulnerabilities. An unauthenticated, remote attacker can
exploit these issues by convincing a user to visit a specially crafted
website, resulting in the execution of arbitrary code in the context
of the current user.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-112");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS15-112';
kbs = make_list('3100773', '3105213', '3105211');
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 10
hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10586.3", min_version:"11.0.10586.0", dir:"\system32", bulletin:bulletin, kb:"3105211") ||
hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10240.16590", min_version:"11.0.10240.16000", dir:"\system32", bulletin:bulletin, kb:"3105213") ||
# Windows 8.1 / Windows Server 2012 R2
# Internet Explorer 11
hotfix_is_vulnerable(os:"6.3", sp:0, file:"mshtml.dll", version:"11.0.9600.18098", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Windows 8 / Windows Server 2012
# Internet Explorer 10
hotfix_is_vulnerable(os:"6.2", sp:0, file:"mshtml.dll", version:"10.0.9200.21673", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.2", sp:0, file:"mshtml.dll", version:"10.0.9200.17556", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Windows 7 / Server 2008 R2
# Internet Explorer 10
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"10.0.9200.21673", min_version:"10.0.9200.21000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"10.0.9200.17556", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Internet Explorer 11
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"11.0.9600.18098", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Internet Explorer 8
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"8.0.7601.23244", min_version:"8.0.7601.22000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"8.0.7601.19038", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Internet Explorer 9
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"9.0.8112.20832", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"9.0.8112.16717", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Vista / Windows Server 2008
# Internet Explorer 7
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"7.0.6002.23830", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"7.0.6002.19520", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Internet Explorer 8
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"8.0.6001.23758", min_version:"8.0.6001.23000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"8.0.6001.19698", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
# Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.20832", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:"3100773") ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.16717", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:"3100773")
)
{
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6085
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6089
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-112
Related
mskb
mskb
MS15-113: Cumulative security update for Microsoft Edge: November 10, 2015
2015-11-10 00:00:00
kaspersky
kaspersky
KLA10697 Multiple vulnerabilities in Microsoft Internet Explorer
2015-11-10 00:00:00
KLA10694 Multiple vulnerabilities in Microsoft Windows
2015-11-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (3104517)
2015-11-11 00:00:00
Microsoft Edge Multiple Vulnerabilities (3104519)
2016-01-05 00:00:00
prion
prion
Memory corruption
2015-11-11 12:59:00
Memory corruption
2015-11-11 12:59:00
Memory corruption
2015-11-11 12:59:00
cve
cve
nvd
nvd
cvelist
cvelist
nessus
nessus
MS15-113: Cumulative Security Update for Microsoft Edge (3104519)
2015-11-10 00:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Scripting Engine Memory Corruption (MS15-112: CVE-2015-6089)
2015-11-10 00:00:00
Microsoft Internet Explorer ASLR Bypass (MS15-112: CVE-2015-6088)
2015-11-10 00:00:00
Microsoft Internet Explorer Memory Corruption (MS15-112: CVE-2015-6065)
2015-11-10 00:00:00
symantec
symantec
exploitpack
exploitpack
seebug
seebug
Internet Explorer Information Disclosure Vulnerability๏ผCVE-2015-6086๏ผ
2016-05-03 00:00:00
zdt
zdt
exploitdb
exploitdb
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.939 High
EPSS
Percentile
99.1%
Related for SMB_NT_MS15-112.NASL