Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS17_NOV_INTERNET_EXPLORER.NASL
HistoryNov 30, 2017 - 12:00 a.m.

Security Updates for Internet Explorer (November 2017)

2017-11-3000:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11827, CVE-2017-11858)

  • A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
    (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)

  • A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)

  • An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
    (CVE-2017-11834)

  • An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.
    (CVE-2017-11791)

  • An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
    (CVE-2017-11848)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include("compat.inc");

if (description)
{
  script_id(104894);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id(
    "CVE-2017-11791",
    "CVE-2017-11827",
    "CVE-2017-11834",
    "CVE-2017-11837",
    "CVE-2017-11838",
    "CVE-2017-11843",
    "CVE-2017-11846",
    "CVE-2017-11848",
    "CVE-2017-11855",
    "CVE-2017-11856",
    "CVE-2017-11858",
    "CVE-2017-11869"
  );
  script_bugtraq_id(
    101703,
    101709,
    101715,
    101716,
    101722,
    101725,
    101737,
    101740,
    101741,
    101742,
    101751,
    101753
  );
  script_xref(name:"MSKB", value:"4048957");
  script_xref(name:"MSKB", value:"4048959");
  script_xref(name:"MSKB", value:"4048958");
  script_xref(name:"MSKB", value:"4047206");
  script_xref(name:"MSFT", value:"MS17-4048957");
  script_xref(name:"MSFT", value:"MS17-4048959");
  script_xref(name:"MSFT", value:"MS17-4048958");
  script_xref(name:"MSFT", value:"MS17-4047206");

  script_name(english:"Security Updates for Internet Explorer (November 2017)");
  script_summary(english:"Checks for Microsoft security updates.");

  script_set_attribute(attribute:"synopsis", value:
"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Internet Explorer installation on the remote host is
missing security updates. It is, therefore, affected by
multiple vulnerabilities :

  - A remote code execution vulnerability exists in the way
    that Microsoft browsers access objects in memory. The
    vulnerability could corrupt memory in a way that could
    allow an attacker to execute arbitrary code in the
    context of the current user. An attacker who
    successfully exploited the vulnerability could gain the
    same user rights as the current user.  (CVE-2017-11827,
    CVE-2017-11858)

  - A remote code execution vulnerability exists in the way
    the scripting engine handles objects in memory in
    Microsoft browsers. The vulnerability could corrupt
    memory in such a way that an attacker could execute
    arbitrary code in the context of the current user. An
    attacker who successfully exploited the vulnerability
    could gain the same user rights as the current user.
    (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,
    CVE-2017-11846)

  - A remote code execution vulnerability exists when
    Internet Explorer improperly accesses objects in memory.
    The vulnerability could corrupt memory in such a way
    that an attacker could execute arbitrary code in the
    context of the current user. An attacker who
    successfully exploited the vulnerability could gain the
    same user rights as the current user.  (CVE-2017-11855,
    CVE-2017-11856, CVE-2017-11869)

  - An information disclosure vulnerability exists when the
    scripting engine does not properly handle objects in
    memory in Internet Explorer. An attacker who
    successfully exploited the vulnerability could obtain
    information to further compromise the users system.
    (CVE-2017-11834)

  - An information disclosure vulnerability exists when the
    scripting engine does not properly handle objects in
    memory in Microsoft browsers. An attacker who
    successfully exploited the vulnerability could obtain
    information to further compromise the users system.
    (CVE-2017-11791)

  - An information disclosure vulnerability exists when
    Internet Explorer improperly handles page content, which
    could allow an attacker to detect the navigation of the
    user leaving a maliciously crafted page.
    (CVE-2017-11848)");
  # https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ad6eb38");
  # https://support.microsoft.com/en-us/help/4048959/windows-server-2012-update-kb4048959
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6afa4db");
  # https://support.microsoft.com/en-us/help/4048958/windows-81-update-kb4048958
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b7fa1d0");
  # https://support.microsoft.com/en-us/help/4047206/cumulative-security-update-for-internet-explorer
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da0fd90f");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released security updates for the affected versions of Internet Explorer.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11827");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}



include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS17-11';
kbs = make_list(
  '4048957',
  '4048959',
  '4048958',
  '4047206'
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
os = get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0',  win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname && "8.1" >!< productname)
 audit(AUDIT_OS_SP_NOT_VULN);
if ("Vista" >< productname) audit(AUDIT_OS_SP_NOT_VULN);

if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8.1 / Windows Server 2012 R2
  # Internet Explorer 11
    hotfix_is_vulnerable(os:"6.3", sp:0, file:"mshtml.dll", version:"11.0.9600.18838", min_version:"11.0.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4047206") ||

  # Windows Server 2012
  # Internet Explorer 10
    hotfix_is_vulnerable(os:"6.2", sp:0, file:"mshtml.dll", version:"10.0.9200.22297", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:"4047206") ||

  # Windows 7 / Server 2008 R2
  # Internet Explorer 11
    hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"11.0.9600.18838", min_version:"11.0.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4047206") ||

  # Windows Server 2008
  # Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.21073", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:"4047206")
)
{
  report =  '\nNote: The fix for this issue is available in either of the following updates:\n';
  report += '  - KB4047206 : Cumulative Security Update for Internet Explorer\n';
  if(os == "6.3")
  {
    report += '  - KB4048958 : Windows 8.1 / Server 2012 R2 Monthly Rollup\n';
    hotfix_add_report(bulletin:'MS17-11', kb:'4048958', report);
  }
  else if(os == "6.2")
  {
    report += '  - KB4048959 : Windows Server 2012 Monthly Rollup\n';
    hotfix_add_report(bulletin:'MS17-11', kb:'4048959', report);
  }
  else if(os == "6.1")
  {
    report += '  - KB4048957 : Windows 7 / Server 2008 R2 Monthly Rollup\n';
    hotfix_add_report(bulletin:'MS17-11', kb:'4048957', report);
  }
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftiecpe:/a:microsoft:ie

Related

mskb 10
openvas 9
nessus 8
cve 22
prion 22
kaspersky 2
github 3
veracode 2
osv 3
zdi 5
symantec 12
krebs 1
zdt 1
mscve 12
packetstorm 1
seebug 1
checkpoint_advisories 8
qualysblog 1
thn 1
talosblog 1
trendmicroblog 1
threatpost 2
cert 1
mskb
mskb
Cumulative security update for Internet Explorer: November 14, 2017
2017-11-14 08:00:00
November 14, 2017—KB4048958 (Monthly Rollup)
2017-11-14 08:00:00
November 14, 2017—KB4048957 (Monthly Rollup)
2017-11-14 08:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (KB4047206)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048958)
2017-11-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4048957)
2017-11-15 00:00:00
nessus
nessus
Windows 7 and Windows Server 2008 R2 November 2017 Security Updates
2017-11-14 00:00:00
Windows 8.1 and Windows Server 2012 R2 November 2017 Security Updates
2017-11-14 00:00:00
KB4048956: Windows 10 LTSB November 2017 Cumulative Update
2017-11-14 00:00:00
cve
cve
CVE-2017-11791
2017-11-15 03:29:00
CVE-2017-11834
2017-11-15 03:29:00
CVE-2017-11855
2017-11-15 03:29:00
prion
prion
Memory corruption
2017-11-15 03:29:00
Information disclosure
2017-11-15 03:29:00
Memory corruption
2017-11-15 03:29:00
kaspersky
kaspersky
KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2017-11-14 00:00:00
KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)
2017-11-14 00:00:00
github
github
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
veracode
veracode
Remote Code Execution (RCE)
2018-12-03 05:21:16
Information Disclosure
2018-12-11 03:35:02
osv
osv
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer
2022-05-17 00:19:54
Chakra Core vulnerable to privilege escalation due to type confusion
2022-05-17 00:19:55
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
2022-05-17 00:19:55
zdi
zdi
Microsoft Windows JavaScript Array Use-After-Free Remote Code Execution Vulnerability
2017-11-20 00:00:00
Microsoft Chakra Regular Expression Integer Overflow Remote Code Execution Vulnerability
2017-11-20 00:00:00
Microsoft Windows JavaScript Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability
2018-03-23 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2017-11834 Information Disclosure Vulnerability
2017-11-14 00:00:00
Microsoft Internet Explorer CVE-2017-11856 Remote Memory Corruption Vulnerability
2017-11-14 00:00:00
Microsoft Internet Explorer and Edge CVE-2017-11791 Information Disclosure Vulnerability
2017-11-14 00:00:00
krebs
krebs
Adobe, Microsoft Patch Critical Cracks
2017-11-14 23:12:32
zdt
zdt
Microsoft Windows jscript!JsArraySlice Uninitialized Variable Exploit
2017-12-19 00:00:00
mscve
mscve
Internet Explorer Information Disclosure Vulnerability
2017-11-14 08:00:00
Microsoft Browser Memory Corruption Vulnerability
2017-11-14 08:00:00
Scripting Engine Information Disclosure Vulnerability
2017-11-14 08:00:00
packetstorm
packetstorm
WIndows jscript!JsArraySlice Uninitialized Variable
2017-12-18 00:00:00
seebug
seebug
Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)
2017-12-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11846)
2017-11-14 00:00:00
Microsoft Browser Scripting Engine Information Disclosure (CVE-2017-11791)
2017-11-14 00:00:00
Microsoft Internet Explorer Memory Corruption (CVE-2017-11856)
2017-11-14 00:00:00
qualysblog
qualysblog
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
2017-11-14 19:37:26
thn
thn
Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities
2017-11-14 20:46:00
talosblog
talosblog
Microsoft Patch Tuesday - November 2017
2017-11-14 11:54:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
2017-11-17 16:46:19
threatpost
threatpost
Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities
2017-11-14 17:10:48
Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
2017-12-19 11:00:13
cert
cert
Automatic DNS registration and proxy autodiscovery allow spoofing of network services
2018-09-05 00:00:00
JSON
Related for SMB_NT_MS17_NOV_INTERNET_EXPLORER.NASL
mskb10openvas9nessus8cve22prion22kaspersky2github3veracode2osv3zdi5symantec12krebs1zdt1mscve12packetstorm1seebug1checkpoint_advisories8qualysblog1thn1talosblog1trendmicroblog1threatpost2cert1