Lucene search
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS16-051.NASLHistoryMay 10, 2016 - 12:00 a.m.
MS16-051: Cumulative Security Update for Internet Explorer (3155533)
2016-05-1000:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
101
The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3155533. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(91001);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/29");
script_cve_id(
"CVE-2016-0187",
"CVE-2016-0188",
"CVE-2016-0189",
"CVE-2016-0192",
"CVE-2016-0194"
);
script_bugtraq_id(
90004,
90007,
90011,
90012
);
script_xref(name:"MSFT", value:"MS16-051");
script_xref(name:"MSKB", value:"3154070");
script_xref(name:"MSKB", value:"3156387");
script_xref(name:"MSKB", value:"3156421");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/18");
script_name(english:"MS16-051: Cumulative Security Update for Internet Explorer (3155533)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser installed that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Internet Explorer installed on the remote host is
missing Cumulative Security Update 3155533. It is, therefore, affected
by multiple vulnerabilities, the majority of which are remote code
execution vulnerabilities. An unauthenticated, remote attacker can
exploit these issues by convincing a user to visit a specially crafted
website, resulting in the execution of arbitrary code in the context
of the current user.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-051");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Internet Explorer 9, 10,
and 11.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0188");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Internet Explorer 11 VBScript Engine Memory Corruption');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS16-051';
kbs = make_list('3154070', '3156387', '3156421');
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname && "8.1" >!< productname)
audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 10
hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10586.306", min_version:"11.0.10586.0", dir:"\system32", bulletin:bulletin, kb:"3156421") ||
hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10240.16847", min_version:"11.0.10240.16000", dir:"\system32", bulletin:bulletin, kb:"3156387") ||
# Windows 8.1 / Windows Server 2012 R2
# Internet Explorer 11
hotfix_is_vulnerable(os:"6.3", sp:0, file:"mshtml.dll", version:"11.0.9600.18321", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3154070") ||
# Windows Server 2012
# Internet Explorer 10
hotfix_is_vulnerable(os:"6.2", sp:0, file:"mshtml.dll", version:"10.0.9200.21841", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:"3154070") ||
# Windows 7 / Server 2008 R2
# Internet Explorer 11
hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"11.0.9600.18315", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3154070") ||
# Vista / Windows Server 2008
# Internet Explorer 9
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.20896", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:"3154070") ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.16781", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:"3154070")
)
{
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0194
docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-051
Related
mskb
mskb
MS16-051: Cumulative Security update for Internet Explorer: May 10, 2016
2016-05-10 00:00:00
MS16-051: Security update for Internet Explorer: May 10, 2016
2016-05-10 07:00:00
MS16-053: Cumulative security update for JScript and VBScript: May 10, 2016
2016-05-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (3155533)
2016-05-11 00:00:00
Microsoft Windows JScript and VBScript Remote Code Execution Vulnerabilities (3156764)
2016-05-11 00:00:00
Microsoft Edge Multiple Vulnerabilities (3155538)
2016-05-11 00:00:00
kaspersky
kaspersky
KLA10806 Multiple vulnerabilities in Microsoft Internet Explorer and Edge
2016-05-10 00:00:00
KLA10805 Multiple vulnerabilities in the JScript and VBScript
2016-05-10 00:00:00
KLA11914 Multiple vulnerability in Microsoft Products (ESU)
2016-05-10 00:00:00
prion
prion
Memory corruption
2016-05-11 01:59:00
Memory corruption
2016-05-11 01:59:00
Information disclosure
2016-05-11 01:59:00
attackerkb
attackerkb
CVE-2016-0189
2016-05-11 00:00:00
CVE-2016-0187
2016-05-11 00:00:00
nessus
nessus
MS16-053: Cumulative Security Update for JScript and VBScript (3156764)
2016-05-10 00:00:00
MS16-052: Cumulative Security Update for Microsoft Edge (3155538)
2016-05-10 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2016-05-10 07:00:00
Scripting Engine Memory Corruption Vulnerability
2016-05-10 07:00:00
Internet Explorer Information Disclosure Vulnerability
2016-05-10 07:00:00
cve
cve
threatpost
threatpost
May 2016 Microsoft Patch Tuesday Security Bulletins
2016-05-10 15:03:31
New Magniber Ransomware Targets South Korea, Asia Pacific
2017-10-21 10:00:04
Neutrino EK Spotted Leveraging Patched IE Zero Day
2016-07-15 16:16:39
checkpoint_advisories
checkpoint_advisories
packetstorm
packetstorm
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-06 00:00:00
myhack58
myhack58
metasploit
metasploit
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-01 18:26:35
exploitpack
exploitpack
symantec
symantec
seebug
seebug
Internet Explorer 11 VBScript engine memory corruption vulnerability
2016-08-08 00:00:00
fireeye
fireeye
Magniber Ransomware Wants to Infect Only the Right People
2017-10-19 16:06:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 12:00:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 16:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Memory Corruption Vulnerability
2022-03-28 00:00:00
zdi
zdi
exploitdb
exploitdb
malwarebytes
malwarebytes
Exploit kits: Winter 2018 review
2018-03-29 15:00:00
Magnitude exploit kit switches to GandCrab ransomware
2018-04-17 16:58:26
βHidden Beeβ miner delivered via improved drive-by download toolkit
2018-07-26 21:00:22
thn
thn
mmpc
mmpc
securelist
securelist
The King is dead. Long live the King!
2018-05-09 06:00:56
Related for SMB_NT_MS16-051.NASL