The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.
(CVE-2017-8631)
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)
- An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.
The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
(CVE-2017-8695)
- A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)
- A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.
(CVE-2017-8742)
- An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)
{"id": "SMB_NT_MS17_SEP_OFFICE_VIEWERS.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Security Updates for Microsoft Office Viewers (September 2017)", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "published": "2017-09-12T00:00:00", "modified": "2019-11-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/103135", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?60960496", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8682", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8696", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8695", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8742", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8676", "http://www.nessus.org/u?a90e90a1", "http://www.nessus.org/u?d857f2e2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8631", "http://www.nessus.org/u?60ba21b6"], "cvelist": ["CVE-2017-8631", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742"], "immutableFields": [], "lastseen": "2023-01-11T14:35:39", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-0746"]}, {"type": "cve", "idList": ["CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8743"]}, {"type": "kaspersky", "idList": ["KLA11099", "KLA11100", "KLA11899"]}, {"type": "mscve", "idList": ["MS:CVE-2017-8631", "MS:CVE-2017-8676", "MS:CVE-2017-8682", "MS:CVE-2017-8695", "MS:CVE-2017-8696", "MS:CVE-2017-8742"]}, {"type": "mskb", "idList": ["KB3128027", "KB3128030", "KB3191831", "KB3212225", "KB3213560", "KB3213562", "KB3213631", "KB3213632", "KB3213638", "KB3213641", "KB3213642", "KB3213644", "KB3213649", "KB3213658", "KB4011040", "KB4011041", "KB4011050", "KB4011056", "KB4011061", "KB4011062", "KB4011064", "KB4011065", "KB4011069", "KB4011107", "KB4011108", "KB4011125", "KB4011127", "KB4011134", "KB4025865", "KB4025866", "KB4025867", "KB4025868", "KB4025869", "KB4039384"]}, {"type": "nessus", "idList": ["MACOSX_MS17_SEP_OFFICE.NASL", "SMB_NT_MS17_SEP_4038777.NASL", "SMB_NT_MS17_SEP_4038781.NASL", "SMB_NT_MS17_SEP_4038782.NASL", "SMB_NT_MS17_SEP_4038783.NASL", "SMB_NT_MS17_SEP_4038788.NASL", "SMB_NT_MS17_SEP_4038792.NASL", "SMB_NT_MS17_SEP_4038799.NASL", "SMB_NT_MS17_SEP_EXCEL.NASL", "SMB_NT_MS17_SEP_OFFICE.NASL", "SMB_NT_MS17_SEP_OFFICE_COMPATIBILITY.NASL", "SMB_NT_MS17_SEP_OFFICE_SHAREPOINT.NASL", "SMB_NT_MS17_SEP_OFFICE_WEB.NASL", "SMB_NT_MS17_SEP_POWERPOINT.NASL", "SMB_NT_MS17_SEP_SKYPE.NASL", "SMB_NT_MS17_SEP_WIN2008.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811327", "OPENVAS:1361412562310811329", "OPENVAS:1361412562310811330", "OPENVAS:1361412562310811661", "OPENVAS:1361412562310811663", "OPENVAS:1361412562310811665", "OPENVAS:1361412562310811669", "OPENVAS:1361412562310811671", "OPENVAS:1361412562310811673", "OPENVAS:1361412562310811679", "OPENVAS:1361412562310811680", "OPENVAS:1361412562310811690", "OPENVAS:1361412562310811697", "OPENVAS:1361412562310811742", "OPENVAS:1361412562310811743", "OPENVAS:1361412562310811744", "OPENVAS:1361412562310811745", "OPENVAS:1361412562310811746", "OPENVAS:1361412562310811748", "OPENVAS:1361412562310811749", "OPENVAS:1361412562310811750", "OPENVAS:1361412562310811753", "OPENVAS:1361412562310811754", "OPENVAS:1361412562310811755", "OPENVAS:1361412562310811757", "OPENVAS:1361412562310811759", "OPENVAS:1361412562310811762", "OPENVAS:1361412562310811765", "OPENVAS:1361412562310811812", "OPENVAS:1361412562310811813", "OPENVAS:1361412562310811814", "OPENVAS:1361412562310811818", "OPENVAS:1361412562310811820", "OPENVAS:1361412562310811822", "OPENVAS:1361412562310811823", "OPENVAS:1361412562310811825", "OPENVAS:1361412562310811826"]}, {"type": "symantec", "idList": ["SMNTC-100741", "SMNTC-100751", "SMNTC-100755", "SMNTC-100772", "SMNTC-100773", "SMNTC-100780"]}, {"type": "talosblog", "idList": ["TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28"]}, {"type": "zdi", "idList": ["ZDI-17-724", "ZDI-17-727"]}, {"type": "zdt", "idList": ["1337DAY-ID-28576"]}]}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2017-0746"]}, {"type": "cve", "idList": ["CVE-2017-8631", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742"]}, {"type": "kaspersky", "idList": ["KLA11099", "KLA11100"]}, {"type": "mscve", "idList": ["MS:CVE-2017-8631", "MS:CVE-2017-8676", "MS:CVE-2017-8682", "MS:CVE-2017-8695", "MS:CVE-2017-8696", "MS:CVE-2017-8742"]}, {"type": "mskb", "idList": ["KB4011040", "KB4011064"]}, {"type": "nessus", "idList": ["MACOSX_MS17_SEP_OFFICE.NASL", "SMB_HOTFIXES.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811327", "OPENVAS:1361412562310811329", "OPENVAS:1361412562310811330", "OPENVAS:1361412562310811661", "OPENVAS:1361412562310811663", "OPENVAS:1361412562310811665", "OPENVAS:1361412562310811669", "OPENVAS:1361412562310811671", "OPENVAS:1361412562310811673", "OPENVAS:1361412562310811679", "OPENVAS:1361412562310811680", "OPENVAS:1361412562310811690", "OPENVAS:1361412562310811697", "OPENVAS:1361412562310811742", "OPENVAS:1361412562310811743", "OPENVAS:1361412562310811744", "OPENVAS:1361412562310811745", "OPENVAS:1361412562310811746", "OPENVAS:1361412562310811748", "OPENVAS:1361412562310811749", "OPENVAS:1361412562310811750", "OPENVAS:1361412562310811753", "OPENVAS:1361412562310811754", "OPENVAS:1361412562310811755", "OPENVAS:1361412562310811757", "OPENVAS:1361412562310811759", "OPENVAS:1361412562310811762", "OPENVAS:1361412562310811765", "OPENVAS:1361412562310811812", "OPENVAS:1361412562310811813", "OPENVAS:1361412562310811814", "OPENVAS:1361412562310811818", "OPENVAS:1361412562310811820", "OPENVAS:1361412562310811822", "OPENVAS:1361412562310811823", "OPENVAS:1361412562310811825", "OPENVAS:1361412562310811826"]}, {"type": "talosblog", "idList": ["TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28"]}, {"type": "zdi", "idList": ["ZDI-17-724", "ZDI-17-727"]}, {"type": "zdt", "idList": ["1337DAY-ID-28576"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-8631", "epss": "0.091560000", "percentile": "0.936430000", "modified": "2023-03-14"}, {"cve": "CVE-2017-8676", "epss": "0.061300000", "percentile": "0.923760000", "modified": "2023-03-14"}, {"cve": "CVE-2017-8682", "epss": "0.116850000", "percentile": "0.943560000", "modified": "2023-03-14"}, {"cve": "CVE-2017-8695", "epss": "0.015060000", "percentile": "0.848960000", "modified": "2023-03-14"}, {"cve": "CVE-2017-8696", "epss": "0.078620000", "percentile": "0.931680000", "modified": "2023-03-14"}, {"cve": "CVE-2017-8742", "epss": "0.073070000", "percentile": "0.929800000", "modified": "2023-03-14"}], "vulnersScore": 0.2}, "_state": {"dependencies": 1673452425, "score": 1673449353, "epss": 1678838010}, "_internal": {"score_hash": "ff9068cfb0df2dd6e63dbcf6ad1de3a5"}, "pluginID": "103135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103135);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8631\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\"\n );\n script_bugtraq_id(\n 100741,\n 100751,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"3128030\");\n script_xref(name:\"MSKB\", value:\"4011065\");\n script_xref(name:\"MSKB\", value:\"4011125\");\n script_xref(name:\"MSKB\", value:\"4011134\");\n script_xref(name:\"MSFT\", value:\"MS17-3128030\");\n script_xref(name:\"MSFT\", value:\"MS17-4011065\");\n script_xref(name:\"MSFT\", value:\"MS17-4011125\");\n script_xref(name:\"MSFT\", value:\"MS17-4011134\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Viewers (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/3128030/descriptionofthesecurityupdateforpowerpointviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60ba21b6\");\n # https://support.microsoft.com/en-us/help/4011065/descriptionofthesecurityupdateforexcelviewer2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60960496\");\n # https://support.microsoft.com/en-us/help/4011125/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a90e90a1\");\n # https://support.microsoft.com/en-us/help/4011134/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d857f2e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB3128030\n -KB4011065\n -KB4011125\n -KB4011134\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3128030', # PowerPoint Viewer 2007\n '4011065', # Excel Viewer 2007 SP3\n '4011125', # Office Word Viewer\n '4011134' # Office Word Viewer\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Excel Viewer\n######################################################################\nfunction perform_excel_viewer_checks()\n{\n var excel_vwr_checks = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6776.5000\", \"kb\", \"4011065\")\n );\n if (hotfix_check_office_product(product:\"ExcelViewer\", display_name:\"Excel Viewer\", checks:excel_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# PowerPoint Viewer\n######################################################################\nfunction perform_powerpoint_viewer_checks()\n{\n var ppt_vwr_checks = make_array(\n \"14.0\", make_array(\"version\", \"14.0.7188.5000\", \"kb\", \"3128030\")\n );\n if (hotfix_check_office_product(product:\"PowerPointViewer\", display_name:\"PowerPoint Viewer\", checks:ppt_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# Word Viewer\n######################################################################\nfunction perform_word_viewer_checks()\n{\n var install, installs, path;\n\n installs = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\n if(isnull(installs)) return NULL;\n\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"gdiplus.dll\", version:\"11.0.8443.0\", kb:\"4011134\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n }\n\n path = hotfix_get_officecommonfilesdir(officever:\"11.0\");\n path = hotfix_append_path(path:path, value:\"Microsoft Shared\\Office11\");\n if(hotfix_check_fversion(path:path, file:\"usp10.dll\", version:\"1.626.6002.24173\", kb:\"4011125\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n######################################################################\n# MAIN\n######################################################################\nperform_excel_viewer_checks();\nperform_powerpoint_viewer_checks();\nperform_word_viewer_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:microsoft:powerpoint_viewer", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:excel_viewer"], "solution": "Microsoft has released the following security updates to address this issue: \n -KB3128030\n -KB4011065\n -KB4011125\n -KB4011134", "nessusSeverity": "High", "cvssScoreSource": "CVE-2017-8742", "vendor_cvss2": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-09-12T00:00:00", "vulnerabilityPublicationDate": "2017-09-12T00:00:00", "exploitableWith": []}
{"nessus": [{"lastseen": "2023-01-11T14:34:12", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8744"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:powerpoint", "cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103133);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8630\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8744\"\n );\n script_bugtraq_id(\n 100732,\n 100741,\n 100748,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"4011055\");\n script_xref(name:\"MSKB\", value:\"3213649\");\n script_xref(name:\"MSKB\", value:\"4011038\");\n script_xref(name:\"MSKB\", value:\"3213626\");\n script_xref(name:\"MSKB\", value:\"3213646\");\n script_xref(name:\"MSKB\", value:\"3213641\");\n script_xref(name:\"MSKB\", value:\"3213642\");\n script_xref(name:\"MSKB\", value:\"3213564\");\n script_xref(name:\"MSKB\", value:\"3203474\");\n script_xref(name:\"MSKB\", value:\"3213638\");\n script_xref(name:\"MSKB\", value:\"4011103\");\n script_xref(name:\"MSKB\", value:\"4011126\");\n script_xref(name:\"MSKB\", value:\"4011063\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"3213551\");\n script_xref(name:\"MSKB\", value:\"3213631\");\n script_xref(name:\"MSFT\", value:\"MS17-4011055\");\n script_xref(name:\"MSFT\", value:\"MS17-3213649\");\n script_xref(name:\"MSFT\", value:\"MS17-4011038\");\n script_xref(name:\"MSFT\", value:\"MS17-3213626\");\n script_xref(name:\"MSFT\", value:\"MS17-3213646\");\n script_xref(name:\"MSFT\", value:\"MS17-3213641\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-3213564\");\n script_xref(name:\"MSFT\", value:\"MS17-3203474\");\n script_xref(name:\"MSFT\", value:\"MS17-3213638\");\n script_xref(name:\"MSFT\", value:\"MS17-4011103\");\n script_xref(name:\"MSFT\", value:\"MS17-4011126\");\n script_xref(name:\"MSFT\", value:\"MS17-4011063\");\n script_xref(name:\"MSFT\", value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-3213551\");\n script_xref(name:\"MSFT\", value:\"MS17-3213631\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4011055/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d24309b\");\n # https://support.microsoft.com/en-us/help/3213649/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95ea355\");\n # https://support.microsoft.com/en-us/help/4011038/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69c44d41\");\n # https://support.microsoft.com/en-us/help/3213626/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40a27f00\");\n # https://support.microsoft.com/en-us/help/3213646/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a714c54e\");\n # https://support.microsoft.com/en-us/help/3213641/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b84ca703\");\n # https://support.microsoft.com/en-us/help/3213642/descriptionofthesecurityupdateforpowerpoint2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?607de17a\");\n # https://support.microsoft.com/en-us/help/3213564/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f846aeb6\");\n # https://support.microsoft.com/en-us/help/3203474/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7601f27e\");\n # https://support.microsoft.com/en-us/help/3213638/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4928d07a\");\n # https://support.microsoft.com/en-us/help/4011103/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa6bb9d8\");\n # https://support.microsoft.com/en-us/help/4011126/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d1e5263\");\n # https://support.microsoft.com/en-us/help/4011063/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b27cd572\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n # https://support.microsoft.com/en-us/help/3213551/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ecdeba5\");\n # https://support.microsoft.com/en-us/help/3213631/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2751aff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Microsoft Office Products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213641', # Office 2007 SP3\n '3213646', # Office 2007 SP3\n '3213649', # Office 2007 SP3\n '4011063', # Office 2007 SP3\n '3213626', # Office 2010 SP2\n '3213631', # Office 2010 SP2\n '3213638', # Office 2010 SP2\n '4011055', # Office 2010 SP2\n '3213564', # Office 2013 SP1\n '4011103', # Office 2013 SP1\n '3203474', # Office 2016\n '3213551', # Office 2016\n '4011038', # Office 2016\n '4011126' # Office 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\noffice_vers = hotfix_check_office_version();\n\n####################################################################\n# Office 2007 SP3 Checks\n####################################################################\nif (office_vers[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n prod = \"Microsoft Office 2007 SP3\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"12.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2006.1200.6776.5000\", min_version:\"2006.1200.0.0\", path:path, kb:\"3213646\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office12\"\n );\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"12.0.6776.5000\", path:path, kb:\"3213641\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"12.0.6777.5000\", path:path, kb:\"4011063\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"12.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.626.6002.24173\", path:path, kb:\"3213649\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2010 SP2 Checks\n####################################################################\nif (office_vers[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = \"Microsoft Office 2010 SP2\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office14\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"14.0.7188.5002\", path:path, kb:\"4011055\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"14.0.7188.5000\", path:path, kb:\"3213638\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2010.1400.7188.5000\", min_version:\"2010.1400.0.0\", path:path, kb:\"3213626\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"14.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.0626.7601.23883\", path:path, kb:\"3213631\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2013 SP1 Checks\n####################################################################\nif (office_vers[\"15.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = \"Microsoft Office 2013 SP1\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"15.0\");\n\n path = hotfix_append_path(\n path : hotfix_get_officecommonfilesdir(officever:\"15.0\"),\n value : \"Microsoft Shared\\Office15\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"15.0.4963.1002\", path:path, kb:\"4011103\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2012.1500.4963.1000\", min_version:\"2012.1500.0.0\", path:path, kb:\"3213564\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2016 Checks\n####################################################################\nif (office_vers[\"16.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office16\"\n );\n kb = \"4011038\";\n file = \"mso99lwin32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"4011126\";\n file = \"mso30win32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1002\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"3213551\";\n file = \"wpft632.cnv\";\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\TextConv\"\n );\n if (\n hotfix_check_fversion(file:file, version:\"2012.1600.4588.1000\", min_version:\"2012.1600.0.0\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.7726.1057\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8201.2193\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8431.2079\", min_version:\"2012.1600.0.0\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8326.2107\", min_version:\"2012.1600.0.0\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n kb = \"3203474\";\n file = \"igx.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:00", "description": "The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:live_meeting_console", "cpe:/a:microsoft:skype_for_business", "cpe:/a:microsoft:live_meeting", "cpe:/a:microsoft:lync"], "id": "SMB_NT_MS17_SEP_SKYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/103123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103123);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100755, 100773, 100780);\n script_xref(name:\"MSKB\", value:\"4025865\");\n script_xref(name:\"MSKB\", value:\"4025866\");\n script_xref(name:\"MSKB\", value:\"4025867\");\n script_xref(name:\"MSKB\", value:\"4011040\");\n script_xref(name:\"MSKB\", value:\"3213568\");\n script_xref(name:\"MSKB\", value:\"4025868\");\n script_xref(name:\"MSKB\", value:\"4025869\");\n script_xref(name:\"MSFT\", value:\"MS17-4011107\");\n script_xref(name:\"MSFT\", value:\"MS17-4025865\");\n script_xref(name:\"MSFT\", value:\"MS17-4025866\");\n script_xref(name:\"MSFT\", value:\"MS17-4025867\");\n script_xref(name:\"MSFT\", value:\"MS17-4011040\");\n script_xref(name:\"MSFT\", value:\"MS17-3213568\");\n script_xref(name:\"MSFT\", value:\"MS17-4025868\");\n script_xref(name:\"MSFT\", value:\"MS17-4025869\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Skype for Business or Microsoft Lync or\nMicrosoft Live Meeting installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\");\n # https://support.microsoft.com/en-us/help/4011107/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e352a51\");\n # https://support.microsoft.com/en-us/help/4025865/descriptionofthesecurityupdateforlync2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b9ff1ff\");\n # https://support.microsoft.com/en-us/help/4025866/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56771a41\");\n # https://support.microsoft.com/en-us/help/4025867/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1f4d2c3\");\n # https://support.microsoft.com/en-us/help/4011040/descriptionofthesecurityupdateforskypeforbusiness2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64c04506\");\n # https://support.microsoft.com/en-us/help/3213568/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e876cd3b\");\n # https://support.microsoft.com/en-us/help/4025868/descriptionofthesecurityupdateforofficelivemeetingconsoleseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f49fe21\");\n # https://support.microsoft.com/en-us/help/4025869/descriptionofthesecurityupdateforofficelivemeetingadd-inseptember12-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e609f52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011107\n -KB4025865\n -KB4025866\n -KB4025867\n -KB4011040\n -KB3213568\n -KB4025868\n -KB4025869\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting_console\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:skype_for_business\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_lync_server_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '4025868', # Live Meeting 2007 Console\n '4011040', # Skype for Business 2016\n '4011107', # Lync 2013 SP1\n '3213568', # Lync 2013 SP1\n '4025866', # Lync 2010 Attendee (Admin level install)\n '4025865', # Lync 2010\n '4025867', # Lync 2010 Attendee (User level install)\n '4025869' # Live Meeting 2007 Add-in\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Skype for Business 2016 / Lync 2013 and 2010\n######################################################################\nfunction perform_skype_checks()\n{\n if (int(get_install_count(app_name:\"Microsoft Lync\")) <= 0)\n return NULL;\n\n var lync_install, lync_installs, kb, file, prod;\n var found, report, uninstall_key, uninstall_keys;\n\n lync_installs = get_installs(app_name:\"Microsoft Lync\");\n foreach lync_install (lync_installs[1])\n {\n\n if (\"Live Meeting 2007 Add-in\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"lmaddins.dll\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025869\", product:\"Live Meeting 2007 Add-in\") == HCF_OLDER)\n vuln = TRUE;\n }\n if (\"Live Meeting 2007 Console\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"bgpubmgr.exe\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025868\", product:\"Live Meeting 2007 Console\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 checks\n if (lync_install[\"version\"] =~ \"^4\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n # Lync 2010\n if (\"Attendee\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025865\", product:\"Microsoft Lync 2010\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 Attendee\n else if (\"Attendee\" >< lync_install[\"Product\"])\n {\n if (\"user level\" >< tolower(lync_install[\"Product\"])) # User\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025867\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n else # Admin\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025866\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n }\n }\n # Lync on Skype 2016\n else if (lync_install[\"version\"] =~ \"^16\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n file = \"Lync.exe\";\n prod = \"Skype for Business 2016\";\n kb = \"4011040\";\n\n # MSI\n if (lync_install['Channel'] == \"MSI\" || empty_or_null(lync_install['Channel']))\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n # Deferred\n else if (lync_install['Channel'] == \"Deferred\")\n {\n if (\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7766.2116\", channel:\"Deferred\", channel_version:\"1701\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"First Release for Deferred\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"Current\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n } # Lync 2013 \n else if (lync_install[\"version\"] =~ \"^15\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"lync.exe\", version:\"15.0.4963.1000\", min_version:\"15.0.4000.1000\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4011107\", product:\"Microsoft Lync 2013\") == HCF_OLDER)\n vuln = TRUE;\n\n }\n }\n}\n\nperform_skype_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:13", "description": "The Microsoft Office Online Server or Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office Online Server and Office Web Apps (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8743"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office_web_apps", "cpe:/a:microsoft:office_online_server"], "id": "SMB_NT_MS17_SEP_OFFICE_WEB.NASL", "href": "https://www.tenable.com/plugins/nessus/103192", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103192);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8631\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8743\"\n );\n script_bugtraq_id(\n 100741,\n 100746,\n 100751,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"3213562\");\n script_xref(name:\"MSFT\", value:\"MS17-3213562\");\n script_xref(name:\"MSKB\", value:\"3213632\");\n script_xref(name:\"MSFT\", value:\"MS17-3213632\");\n script_xref(name:\"MSKB\", value:\"3213658\");\n script_xref(name:\"MSFT\", value:\"MS17-3213658\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office Online Server and Office Web Apps (September 2017)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Online Server or Microsoft Office Web\nApps installation on the remote host is missing security\nupdates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\");\n # https://support.microsoft.com/en-us/help/3213658/descriptionofthesecurityupdateforofficeonlineserverseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f1bdca6\");\n # https://support.microsoft.com/en-us/help/3213632/descriptionofthesecurityupdateforsharepointserver2010officewebappssept\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab979819\");\n # https://support.microsoft.com/en-us/help/3213562/descriptionofthesecurityupdateforofficewebappsserver2013september12-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75d14528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office Online\nServer, Office Web Apps Server 2013, Office 2010 Web Apps, and Office\n2013 Web Apps.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_online_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_owa_installed.nbin\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n \"3213562\",\n \"3213632\",\n \"3213658\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\nglobal_var office_online_server_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office16.WacServer\\InstallLocation\"\n);\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\nport = kb_smb_transport();\n\n######################################################################\n# Office Web Apps 2010, 2013\n######################################################################\nfunction perform_owa_checks()\n{\n var owa_installs, owa_install;\n var owa_2010_path, owa_2010_sp;\n var owa_2013_path, owa_2013_sp;\n var path;\n var vuln;\n\n # Get installs of Office Web Apps\n owa_installs = get_installs(app_name:\"Microsoft Office Web Apps\");\n if (!empty_or_null(owa_installs))\n {\n foreach owa_install (owa_installs[1])\n {\n if (owa_install[\"Product\"] == \"2010\")\n {\n owa_2010_path = owa_install[\"path\"];\n owa_2010_sp = owa_install[\"SP\"];\n }\n else if (owa_install[\"Product\"] == \"2013\")\n {\n owa_2013_path = owa_install[\"path\"];\n owa_2013_sp = owa_install[\"SP\"];\n }\n }\n }\n\n ####################################################################\n # Office Web Apps 2010 SP2\n ####################################################################\n if (owa_2010_path && (!isnull(owa_2010_sp) && owa_2010_sp == \"2\"))\n {\n path = hotfix_append_path(path:owa_2010_path, value:\"14.0\\WebServices\\WordServer\\Core\");\n if (hotfix_check_fversion(file:\"msoserver.dll\", version:\"14.0.7188.5000\", min_version:\"14.0.0.0\", path:path, kb:\"3213632\", product:\"Office Web Apps 2010\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n\n ####################################################################\n # Office Web Apps 2013 SP1\n ####################################################################\n if (owa_2013_path && (!isnull(owa_2013_sp) && owa_2013_sp == \"1\"))\n {\n path = hotfix_append_path(path:owa_2013_path, value:\"WordConversionService\\bin\\Converter\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"15.0.4963.1000\", min_version:\"15.0.4569.1500\", path:path, kb:\"3213562\", product:\"Office Web Apps 2013\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n return vuln;\n}\n\n\n######################################################################\n# Office Online Server\n######################################################################\nfunction perform_oos_checks()\n{\n var vuln, path;\n\n if (office_online_server_path)\n {\n path = hotfix_append_path(path:office_online_server_path, value:\"WordConversionService\\bin\\Converter\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"16.0.7726.1056\", min_version:\"16.0.6000.0\", path:path, kb:\"3213658\", product:\"Office Online Server\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n return vuln;\n}\n\nglobal_var vuln = 0;\nvuln += perform_owa_checks();\nvuln += perform_oos_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:35", "description": "Microsoft Office Compatibility Pack SP3 is missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Compatibility Pack SP3 (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8742"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS17_SEP_OFFICE_COMPATIBILITY.NASL", "href": "https://www.tenable.com/plugins/nessus/103134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103134);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\", \"CVE-2017-8742\");\n script_bugtraq_id(100734, 100741, 100751);\n script_xref(name:\"MSKB\", value:\"4011064\");\n script_xref(name:\"MSFT\", value:\"MS17-3213644\");\n script_xref(name:\"MSFT\", value:\"MS17-4011064\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Compatibility Pack SP3 (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Microsoft Office Compatibility Pack SP3 is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Microsoft Office Compatibility Pack SP3 is missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\");\n # https://support.microsoft.com/en-us/help/3213644/descriptionofthesecurityupdateformicrosoftofficecompatibilitypackservi\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3021d13\");\n # https://support.microsoft.com/en-us/help/4011064/descriptionofthesecurityupdateformicrosoftofficecompatibilitypackservi\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5185a6eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB3213644\n -KB4011064\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213644',\n '4011064'\n);\n\nvuln = FALSE;\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nexcel_compat_check = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6776.5000\", \"kb\", \"3213644\")\n);\n\nvuln = FALSE;\n######################################################################\n# Excel Compatibility pack\n######################################################################\nif (hotfix_check_office_product(product:\"ExcelCnv\",\n display_name:\"Office Compatibility Pack SP3\",\n checks:excel_compat_check,\n bulletin:bulletin))\n vuln = TRUE;\n\n######################################################################\n# PowerPoint Compatibility pack\n######################################################################\ninstalls = get_kb_list(\"SMB/Office/PowerPointCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"ppcnv.dll\", version:\"12.0.6776.5000\", kb:\"4011064\", min_version:\"12.0.0.0\", product:\"PowerPoint Compatability Pack SP3\") == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n\nif(vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:19", "description": "The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by the following vulnerabilities:\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8567)\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office (September 2017) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8567", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8676"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "MACOSX_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103126);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8567\",\n \"CVE-2017-8631\",\n \"CVE-2017-8632\",\n \"CVE-2017-8676\"\n );\n script_bugtraq_id(\n 100719,\n 100734,\n 100751,\n 100755\n );\n script_xref(name:\"MSKB\", value:\"3212225\");\n script_xref(name:\"MSFT\", value:\"MS17-3212225\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office (September 2017) (macOS)\");\n script_summary(english:\"Checks the version of Microsoft Office.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office application installed on the remote macOS or Mac\nOS X host is missing a security update. It is, therefore, affected by\nthe following vulnerabilities:\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8567)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/3212225/description-of-the-security-update-for-office-for-mac-2011-14-7-7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6eeb83f\");\n # https://support.office.com/en-us/article/Release-notes-for-Office-2016-for-Mac-ed2da564-6d53-4542-9954-7e3209681a41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68489292\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8631\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b333387a\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8632\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52db4138\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8676\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9e41e2a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set patches for Microsoft Office for Mac 2011\nand Microsoft Office 2016 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Office for Mac 2011\", \"installed_sw/Microsoft Outlook\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft Word\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n# Office 2011\napps = make_list(\n \"Office for Mac 2011\",\n \"Microsoft Outlook\",\n \"Microsoft Excel\",\n \"Microsoft Word\",\n \"Microsoft PowerPoint\",\n \"Microsoft OneNote\"\n);\n\nreport = \"\";\n\nforeach app (apps)\n{\n installs = get_installs(app_name:app);\n if (isnull(installs[1])) continue;\n foreach install (installs[1])\n {\n version = install['version'];\n app_label = app;\n fix = NULL;\n fix_disp = NULL;\n\n if (version =~ \"^14\\.\")\n {\n if (app !~ \" for Mac 2011$\") app_label += \" for Mac 2011\";\n fix = '14.7.7';\n }\n else\n {\n if (version =~ \"^15\\.\") app_label += \" for Mac 2016\";\n fix = '15.38.0';\n fix_disp = '15.38 (17090200)';\n }\n\n if (fix && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Product : ' + app_label +\n '\\n Installed version : ' + version;\n\n if (!empty_or_null(fix_disp))\n {\n report += '\\n Fixed version : ' + fix_disp;\n fix_disp = '';\n }\n else report += '\\n Fixed version : ' + fix;\n\n if (os =~ \"^Mac OS X 10\\.[0-9](\\.|$)\" && app_label =~ \" for Mac 2016$\")\n report += '\\n Note : Update will require Mac OS X 10.10.0 or later.\\n';\n else report += '\\n';\n }\n }\n}\n\n# Report findings.\nif (!empty(report))\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-14T14:22:01", "description": "The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2017-8629)\n\n - A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2017-8745)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Sharepoint Server (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8629", "CVE-2017-8631", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8745"], "modified": "2021-01-28T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_foundation", "cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:office"], "id": "SMB_NT_MS17_SEP_OFFICE_SHAREPOINT.NASL", "href": "https://www.tenable.com/plugins/nessus/103141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103141);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\n \"CVE-2017-8629\",\n \"CVE-2017-8631\",\n \"CVE-2017-8742\",\n \"CVE-2017-8743\",\n \"CVE-2017-8745\"\n );\n script_bugtraq_id(\n 100725,\n 100741,\n 100746,\n 100751,\n 100753\n );\n script_xref(name:\"MSKB\", value:\"4011056\");\n script_xref(name:\"MSKB\", value:\"4011117\");\n script_xref(name:\"MSKB\", value:\"3213560\");\n script_xref(name:\"MSKB\", value:\"4011113\");\n script_xref(name:\"MSKB\", value:\"4011127\");\n script_xref(name:\"MSKB\", value:\"3191831\");\n script_xref(name:\"MSFT\", value:\"MS17-4011056\");\n script_xref(name:\"MSFT\", value:\"MS17-4011117\");\n script_xref(name:\"MSFT\", value:\"MS17-3213560\");\n script_xref(name:\"MSFT\", value:\"MS17-4011113\");\n script_xref(name:\"MSFT\", value:\"MS17-4011127\");\n script_xref(name:\"MSFT\", value:\"MS17-3191831\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Sharepoint Server (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Sharepoint Server installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Sharepoint Server installation on the remote\nhost is missing security updates. It is, therefore, affected\nby multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - An elevation of privilege vulnerability exists when\n Microsoft SharePoint Server does not properly sanitize a\n specially crafted web request to an affected SharePoint\n server. An authenticated attacker could exploit the\n vulnerability by sending a specially crafted request to\n an affected SharePoint server. The attacker who\n successfully exploited the vulnerability could then\n perform cross-site scripting attacks on affected systems\n and run script in the security context of the current\n user. These attacks could allow the attacker to read\n content that the attacker is not authorized to read, use\n the victim's identity to take actions on the SharePoint\n site on behalf of the user, such as change permissions\n and delete content, and inject malicious content in the\n browser of the user. The security update addresses the\n vulnerability by helping to ensure that SharePoint\n Server properly sanitizes web requests. (CVE-2017-8629)\n\n - A cross-site scripting (XSS) vulnerability exists when\n Microsoft SharePoint Server does not properly sanitize a\n specially crafted web request to an affected SharePoint\n server. An authenticated attacker could exploit the\n vulnerability by sending a specially crafted request to\n an affected SharePoint server. The attacker who\n successfully exploited the vulnerability could then\n perform cross-site scripting attacks on affected systems\n and run script in the security context of the current\n user. The attacks could allow the attacker to read\n content that the attacker is not authorized to read, use\n the victim's identity to take actions on the SharePoint\n site on behalf of the user, such as change permissions\n and delete content, and inject malicious content in the\n browser of the user. The security update addresses the\n vulnerability by helping to ensure that SharePoint\n Server properly sanitizes web requests. (CVE-2017-8745)\");\n # https://support.microsoft.com/en-us/help/4011056/descriptionofthesecurityupdateforsharepointserver2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?604636cb\");\n # https://support.microsoft.com/en-us/help/4011117/descriptionofthesecurityupdateforsharepointfoundation2013september12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a44abe21\");\n # https://support.microsoft.com/en-us/help/3213560/descriptionofthesecurityupdateforsharepointserver2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af7fb55b\");\n # https://support.microsoft.com/en-us/help/4011113/descriptionofthesecurityupdateforsharepointserver2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79043bd\");\n # https://support.microsoft.com/en-us/help/4011127/descriptionofthesecurityupdateforsharepointserver2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5cbef33e\");\n # https://support.microsoft.com/en-us/help/3191831/descriptionofthesecurityupdateforsharepointserver2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb6ab180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011056\n -KB4011117\n -KB3213560\n -KB4011113\n -KB4011127\n -KB3191831\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3191831', # Excel Services for SharePoint Server 2007 SP3\n '4011056', # Excel Services for SharePoint Server 2010 SP2\n '3213560', # SharePoint Server 2013 SP1\n '4011113', # SharePoint Server 2013 SP1\n '4011117', # SharePoint Foundation 2013 SP1\n '4011127' # SharePoint Enterprise Server 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) \nhotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nregistry_init();\n\nvar sps_2007_path, sps_2007_sp, sps_2007_edition;\nvar sps_2010_path, sps_2010_sp, sps_2010_edition;\nvar sps_2013_path, sps_2013_sp, sps_2013_edition;\nvar sps_2016_path, sps_2016_sp, sps_2016_edition;\n\nxss = FALSE;\nvuln = FALSE;\nport = kb_smb_transport();\n\ninstalls = get_installs(app_name:\"Microsoft SharePoint Server\", exit_if_not_found:TRUE);\n\nforeach install (installs[1])\n{\n if (install[\"Product\"] == \"2007\")\n {\n sps_2007_path = install['path'];\n sps_2007_sp = install['SP'];\n sps_2007_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2010\")\n {\n sps_2010_path = install['path'];\n sps_2010_sp = install['SP'];\n sps_2010_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2016\")\n {\n sps_2016_path = install['path'];\n sps_2016_sp = install['SP'];\n sps_2016_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2013\")\n {\n sps_2013_path = install['path'];\n sps_2013_sp = install['SP'];\n sps_2013_edition = install['Edition'];\n }\n\n}\n\n\n######################################################################\n# SharePoint Server 2007 SP3\n######################################################################\nif (sps_2007_path && sps_2007_sp == \"3\" && sps_2007_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2007_path, value:\"Bin\");\n if (hotfix_check_fversion(file:\"xlsrv.dll\", version:\"12.0.6776.5000\", min_version:\"12.0.0.0\", path:path, kb:\"3191831\", product:\"Excel Services for SharePoint Server 2007 SP3\") == HCF_OLDER)\n {\n vuln = TRUE;\n }\n\n}\n\n######################################################################\n# SharePoint Server 2010 SP2\n######################################################################\nif (sps_2010_path && sps_2010_sp == \"2\" && sps_2010_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2010_path, value:\"Bin\");\n if (hotfix_check_fversion(file:\"xlsrv.dll\", version:\"14.0.7188.5000\", min_version:\"14.0.0.0\", path:path, kb:\"4011056\", product:\"Excel Services for SharePoint Server 2010 SP2\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n######################################################################\n# Sharepoint Server 2013 SP1\n######################################################################\nif (sps_2013_path && sps_2013_sp == \"1\")\n{\n if(sps_2013_edition == \"Server\")\n {\n path = hotfix_append_path(path:sps_2013_path, value:\"WebServices\\ConversionServices\");\n if (hotfix_check_fversion(file:\"ppserver.dll\", version:\"15.0.4961.1000\", min_version:\"15.0.0.0\", path:path, kb:\"3213560\", product:\"Microsoft SharePoint Server 2013 Service Pack 1 \") == HCF_OLDER)\n vuln = TRUE;\n\n if (hotfix_check_fversion(file:\"htmlutil.dll\", version:\"15.0.4936.1000\", min_version:\"15.0.0.0\", path:path, kb:\"4011113\", product:\"Microsoft SharePoint Server 2013 Service Pack 1\") == HCF_OLDER)\n {\n vuln = TRUE;\n xss = TRUE;\n }\n }\n\n if(sps_2013_edition == \"Foundation\")\n {\n commonfiles = hotfix_get_commonfilesdir();\n if (!commonfiles) commonfiles = hotfix_get_commonfilesdirx86();\n\n if(commonfiles) path = hotfix_append_path(path:commonfiles, value:\"Microsoft Shared\\Web Server Extensions\\15\\BIN\");\n else path = hotfix_append_path(path:sps_2013_path, value:\"BIN\");\n if (hotfix_check_fversion(file:\"onetutil.dll\", version:\"15.0.4963.1000\", min_version:\"15.0.0.0\", path:path, kb:\"4011117\", product:\"Microsoft Sharepoint Foundation 2013 Service Pack 1\") == HCF_OLDER)\n {\n vuln = TRUE;\n xss = TRUE;\n }\n }\n}\n######################################################################\n# SharePoint Server 2016\n######################################################################\nif (sps_2016_path && sps_2016_sp == \"0\" && sps_2016_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2016_path, value:\"WebServices\\ConversionServices\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"16.0.4588.1000\", min_version:\"16.0.0.0\", path:path, kb:\"4011127\", product:\"Microsoft SharePoint Server 2016\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n\n\nif (vuln)\n{\n if(xss) replace_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:13", "description": "The Microsoft Powerpoint Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Powerpoint Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8742", "CVE-2017-8743"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:powerpoint"], "id": "SMB_NT_MS17_SEP_POWERPOINT.NASL", "href": "https://www.tenable.com/plugins/nessus/103136", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103136);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8742\", \"CVE-2017-8743\");\n script_bugtraq_id(100741, 100746);\n script_xref(name:\"MSKB\", value:\"4011041\");\n script_xref(name:\"MSKB\", value:\"3128027\");\n script_xref(name:\"MSKB\", value:\"4011069\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-4011041\");\n script_xref(name:\"MSFT\", value:\"MS17-3128027\");\n script_xref(name:\"MSFT\", value:\"MS17-4011069\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Powerpoint Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Powerpoint Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Powerpoint Products are missing security\nupdates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\");\n # https://support.microsoft.com/en-us/help/4011041/descriptionofthesecurityupdateforpowerpoint2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?acec2355\");\n # https://support.microsoft.com/en-us/help/3128027/descriptionofthesecurityupdateforpowerpoint2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d9bf308\");\n # https://support.microsoft.com/en-us/help/4011069/descriptionofthesecurityupdateforpowerpoint2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e2fc194\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011041\n -KB3128027\n -KB4011069\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213642', # PowerPoint 2007 SP3\n '3128027', # PowerPoint 2010 SP2\n '4011069', # PowerPoint 2013 SP1\n '4011041' # PowerPoint 2016\n);\n\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nport = kb_smb_transport();\n\nvuln = FALSE;\n\nchecks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6775.5000\", \"kb\", \"3213642\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7188.5000\", \"kb\", \"3128027\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.4963.1000\", \"kb\", \"4011069\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4588.1000\", \"kb\", \"4011041\", \"channel\", \"MSI\"),\n make_array(\"sp\", 0, \"version\", \"16.0.7766.2116\", \"kb\", \"4011041\", \"channel\", \"Deferred\", \"channel_version\", \"1701\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8201.2193\", \"kb\", \"4011041\", \"channel\", \"Deferred\", \"channel_version\", \"1705\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8431.2079\", \"kb\", \"4011041\", \"channel\", \"First Release for Deferred\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8326.2107\", \"kb\", \"4011041\", \"channel\", \"Current\")\n )\n );\n\nif(hotfix_check_office_product(product:\"PowerPoint\", checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:21", "description": "The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office Excel Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_EXCEL.NASL", "href": "https://www.tenable.com/plugins/nessus/103138", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103138);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100734, 100751);\n script_xref(name:\"MSKB\", value:\"4011108\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"4011061\");\n script_xref(name:\"MSFT\", value:\"MS17-4011050\");\n script_xref(name:\"MSFT\", value:\"MS17-4011108\");\n script_xref(name:\"MSFT\", value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-4011061\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office Excel Products (September 2017)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\");\n # https://support.microsoft.com/en-us/help/4011108/descriptionofthesecurityupdateforexcel2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d426bc7\");\n # https://support.microsoft.com/en-us/help/4011050/descriptionofthesecurityupdateforexcel2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2583452\");\n # https://support.microsoft.com/en-us/help/4011061/descriptionofthesecurityupdateforexcel2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8028c458\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011108\n -KB4011050\n -KB4011061\n -KB4011062\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '4011062', # Excel 2007 SP3\n '4011061', # Excel 2010 SP2\n '4011050', # Excel 2016\n '4011108' # Excel 2013 SP1\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n\n######################################################################\n# Excel 2007, 2010, 2013, 2016\n######################################################################\n\nkb16 = \"4011050\";\nexcel_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6776.5000\", \"kb\", \"4011062\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7188.5000\", \"kb\", \"4011061\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.4963.1000\", \"kb\", \"4011108\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4588.1000\", \"channel\", \"MSI\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.7766.2116\", \"channel\", \"Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8201.2193\", \"channel\", \"Deferred\", \"channel_version\", \"1705\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8431.2079\", \"channel\", \"First Release for Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8326.2107\", \"channel\", \"Current\", \"kb\", kb16)\n )\n);\nif (hotfix_check_office_product(product:\"Excel\", checks:excel_checks, bulletin:bulletin))\n vuln = TRUE;\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:26", "description": "The remote Windows host is missing multiple security updates released on 2017/09/12. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by helping to ensure that Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. (CVE-2017-8720)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be within the physical proximity of the targeted user, and the user's computer needs to have Bluetooth enabled. The attacker can then initiate a Bluetooth connection to the target computer without the user's knowledge. The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 2008 September 2017 Multiple Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8741", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/103140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103140);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8741\",\n \"CVE-2017-8759\"\n );\n script_bugtraq_id(\n 100720,\n 100722,\n 100724,\n 100727,\n 100736,\n 100737,\n 100742,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100769,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4032201\");\n script_xref(name:\"MSFT\", value:\"MS17-4032201\");\n script_xref(name:\"MSKB\", value:\"4034786\");\n script_xref(name:\"MSFT\", value:\"MS17-4034786\");\n script_xref(name:\"MSKB\", value:\"4038874\");\n script_xref(name:\"MSFT\", value:\"MS17-4038874\");\n script_xref(name:\"MSKB\", value:\"4039038\");\n script_xref(name:\"MSFT\", value:\"MS17-4039038\");\n script_xref(name:\"MSKB\", value:\"4039266\");\n script_xref(name:\"MSFT\", value:\"MS17-4039266\");\n script_xref(name:\"MSKB\", value:\"4039325\");\n script_xref(name:\"MSFT\", value:\"MS17-4039325\");\n script_xref(name:\"MSKB\", value:\"4039384\");\n script_xref(name:\"MSFT\", value:\"MS17-4039384\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 2008 September 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of Windows Server 2008 September 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/09/12. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. To exploit the vulnerability, an\n attacker on a guest operating system could run a\n specially crafted application that could cause the\n Hyper-V host operating system to disclose memory\n information. An attacker who successfully exploited the\n vulnerability could gain access to information on the\n Hyper-V host operating system. The security update\n addresses the vulnerability by correcting how Hyper-V\n validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The security update addresses the vulnerability by\n correcting how the Windows kernel handles memory\n addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The update\n addresses the vulnerability by correcting the way in\n which the Windows Graphics Component handles objects in\n memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. To exploit the\n vulnerability, a user must open a specially crafted\n file. In an email attack scenario, an attacker could\n exploit the vulnerability by sending the specially\n crafted file to the user and then convincing the user to\n open the file. In a web-based attack scenario, an\n attacker could host a website (or leverage a compromised\n website that accepts or hosts user-provided content)\n that contains a specially crafted file designed to\n exploit the vulnerability. An attacker would have no way\n to force a user to visit the website. Instead, an\n attacker would have to convince a user to click a link,\n typically by way of an enticement in an email or Instant\n Messenger message, and then convince the user to open\n the specially crafted file. The security update\n addresses the vulnerability by helping to ensure that\n Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. To exploit this vulnerability, an attacker\n would have to log on to an affected system and run a\n specially crafted application. The security update\n addresses the vulnerability by correcting how the\n Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. To exploit this vulnerability, an\n attacker would first have to log on to the system. An\n attacker could then run a specially crafted application\n that could exploit the vulnerability and take control of\n an affected system. The update addresses this\n vulnerability by correcting how Win32k handles objects\n in memory. (CVE-2017-8720)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The security\n update addresses the vulnerability by correcting how the\n Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684,\n CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. The security update\n addresses the vulnerability by correcting how GDI+\n handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be\n within the physical proximity of the targeted user, and\n the user's computer needs to have Bluetooth enabled. The\n attacker can then initiate a Bluetooth connection to the\n target computer without the user's knowledge. The\n security update addresses the vulnerability by\n correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. To exploit this vulnerability, an attacker would\n have to log on to an affected system and run a specially\n crafted application. The vulnerability would not allow\n an attacker to execute code or to elevate user rights\n directly, but it could be used to obtain information\n that could be used to try to further compromise the\n affected system. The update addresses the vulnerability\n by correcting how the Windows kernel handles objects in\n memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4032201/windows-kernel-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4cfaff8\");\n # https://support.microsoft.com/en-us/help/4034786/bluetooth-driver-spoofing-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a43fdc7\");\n # https://support.microsoft.com/en-us/help/4038874/windows-kernel-information-disclosure-vulnerability-in-windows-server\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c6e0c59\");\n # https://support.microsoft.com/en-us/help/4039038/information-disclosure-vulnerability-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?28782454\");\n # https://support.microsoft.com/en-us/help/4039266/windows-shell-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2d3ffe7\");\n # https://support.microsoft.com/en-us/help/4039325/hyper-v-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09206238\");\n # https://support.microsoft.com/en-us/help/4039384/windows-uniscribe-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d820c79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - KB4032201\n - KB4034786\n - KB4038874\n - KB4039038\n - KB4039266\n - KB4039325\n - KB4039384\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-08';\n\nkbs = make_list(\n \"4032201\",\n \"4034786\",\n \"4038874\",\n \"4039038\",\n \"4039266\",\n \"4039325\",\n \"4039384\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\n# 4032201\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"-usermodensi_31bf3856ad364e35\", file_pat:\"^nsisvc\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4032201\", session:the_session);\n\n# 4034786 ; cannot locate on disk yet\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"bthpan.inf_31bf3856ad364e35\", file_pat:\"^bthpan\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19848','6.0.6002.24169'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4034786\", session:the_session);\n\n# 4038874\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"ntdll_31bf3856ad364e35\", file_pat:\"^ntdll\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19623','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4038874\", session:the_session);\n\n# 4039038\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"m..-management-console_31bf3856ad364e35\", file_pat:\"^mmc\\.exe$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039038\", session:the_session);\n\n# 4039266\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"shell32_31bf3856ad364e35\", file_pat:\"^shell32\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19861', '6.0.6002.24182'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039266\", session:the_session);\n\n# 4039325 ; x64 only ; hyper-v\n#arch = get_kb_item_or_exit('SMB/ARCH');\n#if (arch == \"x64\")\n#{\n# files = list_dir(basedir:winsxs, level:0, dir_pat:\"vstack-vmwp_31bf3856ad364e35\", file_pat:\"^vmwp\\.exe$\", max_recurse:1);\n# vuln += hotfix_check_winsxs(os:'6.0',\n# sp:2,\n# files:files,\n# versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n# max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n# bulletin:bulletin,\n# kb:\"4039325\", session:the_session);\n#}\n\n# 4039384\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19836', '6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039384\", session:the_session);\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:39", "description": "The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038777.NASL", "href": "https://www.tenable.com/plugins/nessus/103127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103127);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/02\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100720,\n 100722,\n 100724,\n 100727,\n 100728,\n 100736,\n 100737,\n 100742,\n 100743,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100765,\n 100766,\n 100767,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n\n script_xref(name:\"MSKB\", value:\"4038779\");\n script_xref(name:\"MSFT\", value:\"MS17-4038779\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038779\nor cumulative update 4038777. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038779/windows-7-update-kb4038779\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf7e8b94\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038779 or Cumulative update KB4038777\nas well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list('4038779', '4038777');\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(\n os:'6.1',\n sp:1,\n rollup_date:'09_2017',\n bulletin:bulletin,\n rollup_kb_list:[4038779, 4038777]\n )\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:46", "description": "The remote Windows host is missing security update 4038786 or cumulative update 4038799. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows Server 2012 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8749", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038799.NASL", "href": "https://www.tenable.com/plugins/nessus/103132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103132);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8749\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038786\");\n script_xref(name:\"MSFT\", value:\"MS17-4038786\");\n script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows Server 2012 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038786\nor cumulative update 4038799. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038786/windows-server-2012-update-kb4038786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b2bd74\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038786 or Cumulative update KB4038799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038786', '4038799');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038786, 4038799])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038793 or cumulative update 4038792. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038792.NASL", "href": "https://www.tenable.com/plugins/nessus/103131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103131);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSKB\", value:\"4038793\");\n script_xref(name:\"MSFT\", value:\"MS17-4038793\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038793\nor cumulative update 4038792. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038793/windows-8-1-update-kb4038793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3ecec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038793 or Cumulative update KB4038792.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038792', '4038793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038792, 4038793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:34:54", "description": "The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8738, CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8699) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "KB4038781: Windows 10 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038781.NASL", "href": "https://www.tenable.com/plugins/nessus/104385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104385);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_bugtraq_id(\n 98953,\n 100718,\n 100720,\n 100721,\n 100727,\n 100728,\n 100729,\n 100736,\n 100737,\n 100738,\n 100739,\n 100740,\n 100742,\n 100743,\n 100744,\n 100747,\n 100749,\n 100752,\n 100755,\n 100756,\n 100759,\n 100762,\n 100764,\n 100765,\n 100766,\n 100767,\n 100768,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100776,\n 100779,\n 100781,\n 100783,\n 100785,\n 100789,\n 100790,\n 100791,\n 100792,\n 100796,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4038781\");\n script_xref(name:\"MSFT\", value:\"MS17-4038781\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038781: Windows 10 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707,\n CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8738,\n CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8677,\n CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-8699)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038781/windows-10-update-kb4038781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c29dee1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038783.NASL", "href": "https://www.tenable.com/plugins/nessus/103129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103129);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038783\");\n script_xref(name:\"MSFT\", value:\"MS17-4038783\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. \n (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753,\n CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038783/windows-10-update-kb4038783\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15cd901b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038783.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038783');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038783])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:45", "description": "The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The update addresses the bypass by correcting how the Edge CSP validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038788.NASL", "href": "https://www.tenable.com/plugins/nessus/103130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103130);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8597\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8648\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8716\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8724\",\n \"CVE-2017-8728\",\n \"CVE-2017-8729\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8739\",\n \"CVE-2017-8740\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8751\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038788\");\n script_xref(name:\"MSFT\", value:\"MS17-4038788\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707, \n CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when\n Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content. To\n exploit the bypass, an attacker must trick a user into\n either loading a page containing malicious content or\n visiting a malicious website. The attacker could also\n inject the malicious page into either a compromised\n website or an advertisement network. The update\n addresses the bypass by correcting how the Edge CSP\n validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740,\n CVE-2017-8752, CVE-2017-8753, CVE-2017-8755,\n CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038788/windows-10-update-kb4038788\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb942e3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038788.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038788');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038788])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-13T17:06:48", "description": "The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038782.NASL", "href": "https://www.tenable.com/plugins/nessus/103128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103128);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8704\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8711\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8731\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038782\");\n script_xref(name:\"MSFT\", value:\"MS17-4038782\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711,\n CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752,\n CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038782/windows-10-update-kb4038782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62a3aab5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:24:23", "description": "This host is missing a critical security\n update according to Microsoft KB3213638", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811663", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811663\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:42:17 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office 2010 Service Pack 2 Multiple Vulnerabilities (KB3213638)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213638\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\n\n - The Windows font library improperly handles specially crafted embedded\n fonts.\n\n - Windows Uniscribe improperly discloses the contents of its memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213638\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\n## MS Office 2010\nOfficeVer = get_kb_item(\"MS/Office/Ver\");\nif(!OfficeVer || OfficeVer !~ \"^(14\\.)\"){\n exit(0);\n}\n\nmsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(msPath)\n{\n offPath = msPath + \"\\Microsoft Shared\\OFFICE14\" ;\n msdllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n if(!msdllVer){\n exit(0);\n }\n\n if(msdllVer =~ \"^(14\\.)\" && version_is_less(version:msdllVer, test_version:\"14.0.7188.5000\"))\n {\n report = 'File checked: ' + offPath + \"\\Ogl.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:43", "description": "This host is missing a critical security\n update according to Microsoft KB3213641", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Multiple Vulnerabilities (KB3213641)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811330", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Multiple Vulnerabilities (KB3213641)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811330\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:53:34 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Multiple Vulnerabilities (KB3213641)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213641\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists in,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects\n in memory.\n\n - The Windows font library improperly handles specially crafted embedded\n fonts.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\");\n\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and execute\n arbitrary code in the context of current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213641\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## MS Office 2007\nOfficeVer = get_kb_item(\"MS/Office/Ver\");\nif(!OfficeVer || OfficeVer !~ \"^(12\\.)\"){\n exit(0);\n}\n\nmsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(msPath)\n{\n offPath = msPath + \"\\Microsoft Shared\\OFFICE12\" ;\n msdllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n if(!msdllVer){\n exit(0);\n }\n\n if(msdllVer =~ \"^(12\\.)\" && version_is_less(version:msdllVer, test_version:\"12.0.6776.5000\"))\n {\n report = 'File checked: ' + offPath + \"\\Ogl.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"12.0 - 12.0.6776.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:22:56", "description": "This host is missing a critical security\n update according to Microsoft KB4011134", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811697", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811697\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8682\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100772, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 16:41:31 +0530 (Thu, 14 Sep 2017)\");\n script_name(\"Microsoft Office Word Viewer Multiple Vulnerabilities (KB4011134)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4011134\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way Windows Graphics Device Interface (GDI) handles objects\n in memory,\n\n - An error in the Windows font library which improperly handles specially\n crafted embedded fonts.\n\n - An error when Windows Uniscribe improperly discloses the contents of its\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Word Viewer.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011134\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(!wordviewPath = get_kb_item(\"SMB/Office/WordView/Install/Path\")){\n exit(0);\n}\n\nif(!dllVer = fetch_file_version(sysPath:wordviewPath, file_name:\"gdiplus.dll\")){\n exit(0);\n}\n\nif(version_is_less(version:dllVer, test_version:\"11.0.8443\"))\n{\n report = 'File checked: ' + wordviewPath + \"gdiplus.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: Less than 11.0.8443\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing an important security\n update according to Microsoft KB4025869", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811765", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811765", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811765\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8696\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100780, 100773);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 15:14:00 +0530 (Thu, 14 Sep 2017)\");\n script_name(\"Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025869\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - The way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information and take complete control\n of system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Live Meeting 2007 Add-in.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025869\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/Office/Outlook/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\")){\n exit(0);\n}\n\nfilepath = path + \"\\Microsoft Office\\Live Meeting 8\\Addins\";\n\nif(!liveVer = fetch_file_version(sysPath:filepath, file_name:\"lmaddins.dll\")){\n exit(0);\n}\n\nif(version_is_less(version:liveVer, test_version:\"8.0.6362.281\"))\n{\n report = 'File checked: ' + filepath + \"\\lmaddins.dll\\n\" +\n 'File version: ' + liveVer + '\\n' +\n 'Vulnerable range: Less than 8.0.6362.281\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:21:03", "description": "This host is missing a critical security\n updates according to Microsoft KB4025866 and KB4025867.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811327", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811327\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 15:57:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Lync Attendee Multiple Remote Code Execution Vulnerabilities (KB4025866 and KB4025867)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n updates according to Microsoft KB4025866 and KB4025867.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to the windows font\n library which improperly handles specially crafted embedded fonts.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Lync Attendee 2010.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025867\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025866\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Lync/Attendee/Ver\", \"MS/Lync/Attendee/path\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025867\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"version_func.inc\");\n\n## For Microsoft Lync 2010 Attendee (admin level install)\n## For Microsoft Lync 2010 Attendee (user level install)\nlyncPath = get_kb_item(\"MS/Lync/Attendee/path\");\nif(lyncPath)\n{\n dllVer = fetch_file_version(sysPath:lyncPath, file_name:\"Rtmpltfm.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.7577.4539\"))\n {\n\n report = 'File checked: ' + lyncPath + \"Rtmpltfm.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 4.0 - 4.0.7577.4539' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:24:08", "description": "This host is missing an important security\n update according to Microsoft KB4025868", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:office_live_meeting\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811690\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100755, 100773, 100780);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:16:50 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025868\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - The way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system. By itself, the information\n disclosure does not allow arbitrary code execution. However, it could allow\n arbitrary code to be run if the attacker uses it in combination with another\n vulnerability.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Live Meeting 2007 Console.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025868\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_live_meeting_detect.nasl\");\n script_mandatory_keys(\"MS/OfficeLiveMeeting/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nappPath = get_app_location(cpe:CPE, skip_port:TRUE);\nif(!appPath || \"Couldn find the install location\" >< appPath){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:appPath, file_name:\"Ogl.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(version_is_less(version:dllVer, test_version:\"12.0.6776.5000\"))\n{\n report = 'File checked: ' + appPath + \"Ogl.dll\"+ '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: Less than 12.0.6776.5000\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:49", "description": "This host is missing an important security\n update according to Microsoft KB4025865", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8676"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811755", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811755\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8696\", \"CVE-2017-8695\");\n script_bugtraq_id(100755, 100780, 100773);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:33:44 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Lync 2010 Multiple Vulnerabilities (KB4025865)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4025865\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory.\n\n - An error when Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to retrieve information from a targeted system to further compromise the user's\n system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Lync 2010 (32-bit and 64-bit).\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4025865\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"secpod_ms_lync_detect_win.nasl\");\n script_mandatory_keys(\"MS/Lync/Installed\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n lyncPath = get_kb_item(\"MS/Lync/path\");\n\n ## For MS Lync Basic\n if(!lyncPath){\n lyncPath = get_kb_item(\"MS/Lync/Basic/path\");\n }\n\n if(lyncPath)\n {\n lyncPath1 = lyncPath + \"OFFICE14\";\n\n commVer = fetch_file_version(sysPath:lyncPath1, file_name:\"Rtmpltfm.dll\");\n if(commVer)\n {\n if(commVer =~ \"^4\" && version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4539\"))\n {\n report = 'File checked: ' + lyncPath1 + \"\\Rtmpltfm.dll\" + '\\n' +\n 'File version: ' + commVer + '\\n' +\n 'Vulnerable range: ' + \"4.0 - 4.0.7577.4539\" + '\\n' ;\n security_message(data:report);\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:41:43", "description": "This host is missing an important security\n update according to Microsoft KB3213562", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Web Apps 2013 Service Pack 1 Multiple Vulnerabilities (KB3213562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742", "CVE-2017-8631"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Web Apps 2013 Service Pack 1 Multiple Vulnerabilities (KB3213562)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811745\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8742\");\n script_bugtraq_id(100751, 100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:24:52 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Web Apps 2013 Service Pack 1 Multiple Vulnerabilities (KB3213562)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3213562\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to error in Microsoft\n Office software when the software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user and use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Office Web Apps 2013 Service Pack 1\n\n - Microsoft Excel Web App 2013 Service Pack 1\n\n - Microsoft Office Web Apps Server 2013 Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213562\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_office_web_apps_detect.nasl\");\n script_mandatory_keys(\"MS/Office/Web/Apps/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:office_web_apps\", exit_no_version:TRUE ) ) exit( 0 );\nwebappVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\n## Microsoft Office Web Apps 2013\nif(webappVer =~ \"^15\\.\")\n{\n path = path + \"\\PPTConversionService\\bin\\Converter\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"msoserver.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"15.0\", test_version2:\"15.0.4963.0999\"))\n {\n report = 'File checked: ' + path + \"\\msoserver.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + \"15.0 - 15.0.4963.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:18:56", "description": "This host is missing a critical security\n update according to Microsoft KB3213632", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Web Apps 2010 Service Pack 2 Multiple Vulnerabilities (KB3213632)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742", "CVE-2017-8696"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Web Apps 2010 Service Pack 2 Multiple Vulnerabilities (KB3213632)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811749\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\", \"CVE-2017-8696\");\n script_bugtraq_id(100741, 100780);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:49:10 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Web Apps 2010 Service Pack 2 Multiple Vulnerabilities (KB3213632)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213632\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to an error\n in Microsoft Office software when the software fails to properly handle\n objects in memory and due to the way Windows Uniscribe handles objects\n in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to run arbitrary code in the context\n of the current user and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Web Apps 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213632\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_office_web_apps_detect.nasl\");\n script_mandatory_keys(\"MS/Office/Web/Apps/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:office_web_apps\", exit_no_version:TRUE ) ) exit( 0 );\nwebappVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\n## Microsoft Office Web Apps 2010\nif(webappVer =~ \"^14\\.\")\n{\n path = path + \"\\PPTConversionService\\bin\\Converter\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"msoserver.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.7188.4999\"))\n {\n report = 'File checked: ' + path + \"\\msoserver.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:42:24", "description": "This host is missing an important security\n update according to Microsoft KB3212225", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Mac 2011 Multiple Vulnerabilities (KB3212225)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8567", "CVE-2017-8631", "CVE-2017-8676", "CVE-2017-8632"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811812", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811812", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Mac 2011 Multiple Vulnerabilities (KB3212225)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811812\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-8567\", \"CVE-2017-8631\", \"CVE-2017-8632\", \"CVE-2017-8676\");\n script_bugtraq_id(100719, 100751, 100734, 100755);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 08:47:40 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Mac 2011 Multiple Vulnerabilities (KB3212225)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3212225\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists when,\n\n - Microsoft Office software fails to properly handle objects in memory.\n\n - The Windows Graphics Device Interface (GDI) improperly handles objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to run arbitrary code in the context of the current user,\n perform actions in the security context of the current user and retrieve\n information from a targeted system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Excel for Mac 2011\n\n - Microsoft Office for Mac 2011\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3212225\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n\nif(!offVer = get_kb_item(\"MS/Office/MacOSX/Ver\")){\n exit(0);\n}\n\nif(offVer =~ \"^(14\\.)\")\n{\n if(version_is_less(version:offVer, test_version:\"14.1.7\"))\n {\n report = 'File version: ' + offVer + '\\n' +\n 'Vulnerable range: 14.1.0 - 14.1.6' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:55", "description": "This host is missing an important security\n update according to Microsoft KB3213560", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Server 2013 Service Pack 1 Remote Code Execution Vulnerability (KB3213560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811669", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811669", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Server 2013 Service Pack 1 Remote Code Execution Vulnerability (KB3213560)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811669\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:21:36 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft SharePoint Server 2013 Service Pack 1 Remote Code Execution Vulnerability (KB3213560)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3213560\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Microsoft Office software\n fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2013 Service Pack 1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213560\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:sharepoint_server\", exit_no_version:TRUE ) ) exit( 0 );\n\nshareVer = infos['version'];\nif(!shareVer || shareVer !~ \"^15\\.\"){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office15.OSERVER\",\n item:\"InstallLocation\");\nif(path)\n{\n path = path + \"\\15.0\\WebServices\\ConversionServices\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"microsoft.office.server.native.dll\");\n if(dllVer && dllVer =~ \"^15\\.\")\n {\n if(version_is_less(version:dllVer, test_version:\"15.0.4919.1000\"))\n {\n report = 'File checked: ' + path + \"\\microsoft.office.server.native.dll\"+ '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + \"15.0 - 15.0.4919.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:23:17", "description": "This host is missing an important security\n update according to Microsoft KB4011069", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft PowerPoint 2013 Service Pack 1 Remote Code Execution Vulnerability (KB4011069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811661", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerPoint 2013 Service Pack 1 Remote Code Execution Vulnerability (KB4011069)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811661\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 08:40:06 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft PowerPoint 2013 Service Pack 1 Remote Code Execution Vulnerability (KB4011069)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011069\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the software fails to\n properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft PowerPoint 2013 Service Pack 1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011069\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/PowerPnt/Version\", \"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\npptVer = get_kb_item(\"SMB/Office/PowerPnt/Version\");\nif(!pptVer){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office Path\noffPath = path + \"\\Microsoft Office\\OFFICE15\" ;\n\nexeVer = fetch_file_version(sysPath:offPath, file_name:\"ppcore.dll\");\nif(!exeVer){\n exit(0);\n}\n\nif(exeVer =~ \"^15\\.\" && version_is_less(version:exeVer, test_version:\"15.0.4963.1000\"))\n{\n report = 'File checked: ' + offPath + \"\\ppcore.dll\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + \"15.0 - 15.0.4963.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:27:26", "description": "This host is missing an important security\n update according to Microsoft KB3128030", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft PowerPoint Viewer 2007 Remote Code Execution Vulnerability (KB3128030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerPoint Viewer 2007 Remote Code Execution Vulnerability (KB3128030)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811826\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 13:59:24 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft PowerPoint Viewer 2007 Remote Code Execution Vulnerability (KB3128030)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3128030\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Microsoft Office\n software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability could run arbitrary\n code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft PowerPoint Viewer 2007.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3128030\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\", \"SMB/Office/PPView/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nppviewVer = get_kb_item(\"SMB/Office/PPView/Version\");\nif(!ppviewVer){\n exit(0);\n}\n\nppviewPath = get_kb_item(\"SMB/Office/PPView/FilePath\");\nif(!ppviewPath){\n ppviewPath = \"Unable to get installation path\";\n}\n\nif(ppviewVer =~ \"^(14\\.)\" && version_is_less(version:ppviewVer, test_version:\"14.0.7188.5000\"))\n{\n report = 'File checked: ' + ppviewPath + \"\\pptview.exe\" + '\\n' +\n 'File version: ' + ppviewVer + '\\n' +\n 'Vulnerable range: 14.0 - 14.0.7188.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:38", "description": "This host is missing an important security\n update according to Microsoft KB3213642", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft PowerPoint 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213642)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerPoint 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213642)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811744\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:12:03 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft PowerPoint 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213642)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3213642\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in Microsoft\n Office software when the software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to run arbitrary code in the context\n of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft PowerPoint 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213642\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/PowerPnt/Version\", \"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\npptVer = get_kb_item(\"SMB/Office/PowerPnt/Version\");\nif(!pptVer){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office Path\noffPath = path + \"\\Microsoft Office\\OFFICE12\" ;\n\nexeVer = fetch_file_version(sysPath:offPath, file_name:\"ppcore.dll\");\nif(!exeVer){\n exit(0);\n}\n\nif(exeVer =~ \"^12\\.\" && version_is_less(version:exeVer, test_version:\"12.0.6776.5000\"))\n{\n report = 'File checked: ' + offPath + \"\\ppcore.dll\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + \"12.0 - 12.0.6776.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:23:52", "description": "This host is missing an important security\n update according to Microsoft KB3128027", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft PowerPoint 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3128027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811679", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerPoint 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3128027)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811679\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:43:17 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft PowerPoint 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3128027)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3128027\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Microsoft Office software\n fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft PowerPoint 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3128027\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/PowerPnt/Version\", \"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\npptVer = get_kb_item(\"SMB/Office/PowerPnt/Version\");\nif(!pptVer){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office Path\noffPath = path + \"\\Microsoft Office\\OFFICE14\" ;\n\nexeVer = fetch_file_version(sysPath:offPath, file_name:\"ppcore.dll\");\nif(!exeVer){\n exit(0);\n}\n\nif(exeVer =~ \"^14\\.\" && version_is_less(version:exeVer, test_version:\"14.0.7188.5000\"))\n{\n report = 'File checked: ' + offPath + \"\\ppcore.dll\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:23", "description": "This host is missing an important security\n update according to Microsoft KB3213644", "cvss3": {}, "published": "2017-09-14T00:00:00", "type": "openvas", "title": "Microsoft Office Compatibility Pack Service Pack 3 Remote Code Execution Vulnerability (KB3213644)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Compatibility Pack Service Pack 3 Remote Code Execution Vulnerability (KB3213644)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811762\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\");\n script_bugtraq_id(100741);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-14 11:43:13 +0530 (Thu, 14 Sep 2017)\");\n script_name(\"Microsoft Office Compatibility Pack Service Pack 3 Remote Code Execution Vulnerability (KB3213644)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3213644\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to error in Microsoft\n Office software when the software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability could run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213644\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Program Files Directory\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Path for 'Ppcnv.dll'\npath = path + \"\\Microsoft Office\\Office12\";\ndllVer = fetch_file_version(sysPath:path, file_name:\"Ppcnv.dll\");\nif(dllVer)\n{\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6776.4999\"))\n {\n report = 'File checked: ' + path + \"\\Ppcnv.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6776.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:51", "description": "This host is missing a critical security\n update according to Microsoft KB4039384", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4039384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8685", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8696", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811673", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811673", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4039384)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811673\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8720\", \"CVE-2017-8678\",\n \"CVE-2017-8680\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8685\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100752, 100755, 100769, 100722, 100727, 100772, 100781, 100782,\n 100724, 100736, 100756, 100773, 100780);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:37:18 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4039384)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4039384\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way Windows Uniscribe handles objects in memory.\n\n - The Windows kernel improperly handles objects in memory.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - When the Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - The way that the Windows Graphics Device Interface (GDI) handles objects in\n memory, allowing an attacker to retrieve information from a targeted system.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to take control of the affected system and obtain access to information to further\n compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4039384\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.0.6002.19862\"))\n{\n Vulnerable_range = \"Less than 6.0.6002.19862\";\n VULN = TRUE ;\n}\n\nelse if(version_in_range(version:fileVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.24182\"))\n{\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.24182\";\n VULN = TRUE ;\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:23:17", "description": "This host is missing an important security\n update according to Microsoft KB4011062", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Excel 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811754", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Excel 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011062)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811754\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\");\n script_bugtraq_id(100751);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:19:30 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Excel 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011062)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011062\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in Microsoft\n Office software when it fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to use a specially crafted file\n to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011062\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(!excelVer){\n exit(0);\n}\n\nexcelPath = get_kb_item(\"SMB/Office/Excel/Install/Path\");\nif(!excelPath){\n excelPath = \"Unable to fetch the install path\";\n}\n\nif(excelVer =~ \"^(12\\.)\" && version_is_less(version:excelVer, test_version:\"12.0.6776.5000\"))\n{\n report = 'File checked: ' + excelPath + \"Excel.exe\" + '\\n' +\n 'File version: ' + excelVer + '\\n' +\n 'Vulnerable range: ' + \"12.0 - 12.0.6776.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:24", "description": "This host is missing an important security\n update according to Microsoft KB4011065", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Excel Viewer 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811750", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Excel Viewer 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011065)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811750\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\");\n script_bugtraq_id(100751);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:54:13 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Excel Viewer 2007 Service Pack 3 Remote Code Execution Vulnerability (KB4011065)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011065\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an arror in Microsoft\n Office software when it fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to use a specially crafted file to\n perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel Viewer 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011065\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/XLView/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nexcelviewVer = get_kb_item(\"SMB/Office/XLView/Version\");\nif(!excelviewVer){\n exit(0);\n}\nif(excelviewVer =~ \"^(12\\.)\" && version_is_less(version:excelviewVer, test_version:\"12.0.6776.5000\"))\n{\n report = 'File checked: Xlview.exe' + '\\n' +\n 'File version: ' + excelviewVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6776.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:27:26", "description": "This host is missing an important security\n update according to Microsoft KB3191831.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Server 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3191831)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Server 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3191831)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:sharepoint_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811813\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\");\n script_bugtraq_id(100751);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:04:38 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft SharePoint Server 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3191831)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3191831.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Microsoft Office\n software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability to use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3191831\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(!path || \"Could not find the install location\" >< path)\n exit(0);\n\n# nb: SharePoint Server 2007\nif(vers =~ \"^12\\.\") {\n check_path = path + \"\\12.0\\Bin\";\n check_file = \"xlsrv.dll\";\n\n dllVer = fetch_file_version(sysPath:check_path, file_name:check_file);\n if(dllVer) {\n if(version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6776.4999\")) {\n report = report_fixed_ver(file_checked:check_path + \"\\\" + check_file, file_version:dllVer, vulnerable_range:\"12.0 - 12.0.6776.4999\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:20:33", "description": "This host is missing an important security\n update according to Microsoft KB4011056", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Server 2010 Excel Services Remote Code Execution Vulnerability (KB4011056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811825", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Server 2010 Excel Services Remote Code Execution Vulnerability (KB4011056)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811825\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\");\n script_bugtraq_id(100751);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 13:36:50 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft SharePoint Server 2010 Excel Services Remote Code Execution Vulnerability (KB4011056)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011056\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to Microsoft Office software\n fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability to use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2010 Service Pack 2 Excel Services.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011056\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:'cpe:/a:microsoft:sharepoint_server', exit_no_version:TRUE ) ) exit( 0 );\nshareVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\nif(shareVer =~ \"^(14\\.)\")\n{\n path = path + \"\\14.0\\Bin\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"xlsrv.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.7188.4999\"))\n {\n report = 'File checked: ' + path + \"\\xlsrv.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:49", "description": "This host is missing a critical security\n update according to Microsoft KB3213649", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Graphics Component Remote Code Execution Vulnerability (KB3213649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8696"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Graphics Component Remote Code Execution Vulnerability (KB3213649)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811329\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8696\");\n script_bugtraq_id(100780);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:39:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Graphics Component Remote Code Execution Vulnerability (KB3213649)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213649\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the way Windows\n Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information and execute\n arbitrary code in the context of current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2007 Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213649\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/Ver\");\nif(!offVer || offVer !~ \"^12\\.\"){\n exit(0);\n}\n\noffPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Office\\12.0\\Common\\InstallRoot\",\n item:\"Path\");\nif(!offPath){\n exit(0);\n}\n\nmsdllVer = fetch_file_version(sysPath:offPath, file_name:\"Usp10.dll\");\nif(!msdllVer){\n exit(0);\n}\n\nif(version_is_less(version:msdllVer, test_version:\"1.626.6002.24173\"))\n{\n report = 'File checked: ' + offPath + \"Usp10.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"Less than 1.626.6002.24173\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:10", "description": "This host is missing a critical security\n update according to Microsoft KB3213631", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3213631)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8696"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811743", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811743", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3213631)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811743\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8696\");\n script_bugtraq_id(100780);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:02:09 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office 2010 Service Pack 2 Remote Code Execution Vulnerability (KB3213631)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB3213631\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to the way Windows Uniscribe\n handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker who\n successfully exploited this vulnerability to take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3213631\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/Ver\");\nif(!offVer || offVer !~ \"^14\\.\"){\n exit(0);\n}\n\nmsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(msPath)\n{\n msPath = msPath + \"\\Microsoft Office\\OFFICE14\";\n msdllVer = fetch_file_version(sysPath:msPath, file_name:\"Usp10.dll\");\n if(!msdllVer){\n exit(0);\n }\n\n if(version_is_less(version:msdllVer, test_version:\"1.0626.7601.23883\"))\n {\n report = 'File checked: ' + msPath + \"\\Usp10.dll\" + '\\n' +\n 'File version: ' + msdllVer + '\\n' +\n 'Vulnerable range: ' + \"Less than 1.0626.7601.23883\" + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:29", "description": "This host is missing a critical security\n update according to Microsoft KB4011125", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Word Viewer Remote Code Execution Vulnerability (KB4011125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8696"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Viewer Remote Code Execution Vulnerability (KB4011125)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811822\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8696\");\n script_bugtraq_id(100780);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 12:26:27 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Word Viewer Remote Code Execution Vulnerability (KB4011125)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4011125\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to due to the way Windows\n Uniscribe handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited this vulnerability to take control\n of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Word Viewer.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011125\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nwordviewVer = get_kb_item(\"SMB/Office/WordView/Version\");\nif(!wordviewVer){\n exit(0);\n}\n\nwordviewPath = get_kb_item(\"SMB/Office/WordView/Install/Path\");\nif(!wordviewPath){\n wordviewPath = \"Unable to fetch the install path\";\n}\n\noffPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(offPath)\n{\n offPath += \"\\Microsoft Shared\\OFFICE11\";\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"usp10.dll\");\n if(dllVer)\n {\n if(version_is_less(version:dllVer, test_version:\"1.626.6002.24173\"))\n {\n report = 'File checked: ' + offPath + \"\\Usp10.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: Less than 1.626.6002.24173 \\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:13", "description": "This host is missing an important security\n update according to Microsoft KB4011041", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft PowerPoint 2016 Multiple RCE Vulnerabilities (KB4011041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8743", "CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811753", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerPoint 2016 Multiple RCE Vulnerabilities (KB4011041)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811753\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\", \"CVE-2017-8743\");\n script_bugtraq_id(100741, 100746);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:16:30 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft PowerPoint 2016 Multiple RCE Vulnerabilities (KB4011041)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011041\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to an error in\n Microsoft Office software when the software fails to properly handle objects\n in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to run arbitrary code in the context\n of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft PowerPoint 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011041\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/PowerPnt/Version\", \"MS/Office/Ver\");\n script_require_ports(139, 445);\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011041\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\npptVer = get_kb_item(\"SMB/Office/PowerPnt/Version\");\nif(!pptVer){\n exit(0);\n}\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\n## Office Path\noffPath = path + \"\\Microsoft Office\\OFFICE16\" ;\n\n\nexeVer = fetch_file_version(sysPath:offPath, file_name:\"ppcore.dll\");\nif(!exeVer){\n exit(0);\n}\n\nif(exeVer =~ \"^16\\.\" && version_is_less(version:exeVer, test_version:\"16.0.4588.1000\"))\n{\n report = 'File checked: ' + offPath + \"\\ppcore.dll\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + \"16.0 - 16.0.4588.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:46", "description": "This host is missing an important security\n update according to Microsoft KB4011127", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft SharePoint Enterprise Server 2016 Multiple Vulnerabilities (KB4011127)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8743", "CVE-2017-8742"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811742", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Enterprise Server 2016 Multiple Vulnerabilities (KB4011127)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811742\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8742\", \"CVE-2017-8743\");\n script_bugtraq_id(100741, 100746);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 08:55:50 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft SharePoint Enterprise Server 2016 Multiple Vulnerabilities (KB4011127)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011127\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to error in Microsoft\n Office software when the software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited the vulnerability to run arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Enterprise Server 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011127\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:'cpe:/a:microsoft:sharepoint_server', exit_no_version:TRUE ) ) exit( 0 );\nshareVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\nif(shareVer =~ \"^16\\..*\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\n if(path)\n {\n path = path + \"\\microsoft shared\\Web Server Extensions\\16\\BIN\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"Onetutil.dll\");\n\n if(dllVer && version_in_range(version:dllVer, test_version:\"16.0\", test_version2:\"16.0.4588.0999\"))\n {\n report = 'File checked: ' + path + \"\\Onetutil.dll\"+ '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 16.0 - 16.0.4588.0999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:02", "description": "This host is missing an important security\n update according to Microsoft KB4011108", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4011108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811680", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811680", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4011108)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811680\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100751, 100734);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:45:48 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4011108)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011108\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to Microsoft Office\n fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to use a specially crafted file to perform actions in the security context of the\n current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel 2013 Service Pack 1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011108\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(!excelVer){\n exit(0);\n}\n\nexcelPath = get_kb_item(\"SMB/Office/Excel/Install/Path\");\nif(!excelPath){\n excelPath = \"Unable to fetch the install path\";\n}\n\nif(excelVer =~ \"^(15\\.)\" && version_is_less(version:excelVer, test_version:\"15.0.4963.1000\"))\n{\n report = 'File checked: ' + excelPath + \"Excel.exe\" + '\\n' +\n 'File version: ' + excelVer + '\\n' +\n 'Vulnerable range: ' + \"15.0 - 15.0.4963.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:27:57", "description": "This host is missing an important security\n update according to Microsoft KB4011061", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Excel 2010 Service Pack 2 Multiple Vulnerabilities (KB4011061)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811814", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Excel 2010 Service Pack 2 Multiple Vulnerabilities (KB4011061)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811814\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100751, 100734);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:14:26 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Excel 2010 Service Pack 2 Multiple Vulnerabilities (KB4011061)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011061\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to Microsoft Office\n software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability to use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel 2010 Service Pack 2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011061\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(!excelVer){\n exit(0);\n}\n\nexcelPath = get_kb_item(\"SMB/Office/Excel/Install/Path\");\nif(!excelPath){\n excelPath = \"Unable to fetch the install path\";\n}\n\nif(excelVer =~ \"^(14\\.)\" && version_is_less(version:excelVer, test_version:\"14.0.7188.5000\"))\n{\n report = 'File checked: ' + excelPath + \"Excel.exe\" + '\\n' +\n 'File version: ' + excelVer + '\\n' +\n 'Vulnerable range: ' + \"14.0 - 14.0.7188.4999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:28", "description": "This host is missing an important security\n update according to Microsoft KB4011050", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Excel 2016 Multiple Vulnerabilities (KB4011050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Excel 2016 Multiple Vulnerabilities (KB4011050)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811748\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100751, 100734);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:41:45 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Excel 2016 Multiple Vulnerabilities (KB4011050)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011050\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to an error in\n Microsoft Office software when it fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability could use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011050\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(!excelVer){\n exit(0);\n}\n\nexcelPath = get_kb_item(\"SMB/Office/Excel/Install/Path\");\nif(!excelPath){\n excelPath = \"Unable to fetch the install path\";\n}\n\nif(excelVer =~ \"^(16\\.)\" && version_is_less(version:excelVer, test_version:\"16.0.4588.1000\"))\n{\n report = 'File checked: ' + excelPath + \"Excel.exe\" + '\\n' +\n 'File version: ' + excelVer + '\\n' +\n 'Vulnerable range: ' + \"16.0 - 16.0.4588.0999\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:18:55", "description": "This host is missing an important security\n update according to Microsoft KB4011064", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office Compatibility Pack Service Pack 3 Multiple Vulnerabilities (KB4011064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811818", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811818", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Compatibility Pack Service Pack 3 Multiple Vulnerabilities (KB4011064)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811818\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100751, 100734);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 10:13:27 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office Compatibility Pack Service Pack 3 Multiple Vulnerabilities (KB4011064)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4011064\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists when\n Microsoft Office software fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker who successfully exploited the vulnerability to use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4011064\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\npath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"ProgramFilesDir\");\nif(!path){\n exit(0);\n}\n\ncmpPckVer = get_kb_item(\"SMB/Office/ComptPack/Version\");\nif(cmpPckVer && cmpPckVer =~ \"^12\\.\")\n{\n xlcnvVer = get_kb_item(\"SMB/Office/XLCnv/Version\");\n if(xlcnvVer && xlcnvVer =~ \"^12\\.\")\n {\n offpath = path + \"\\Microsoft Office\\Office12\";\n sysVer = fetch_file_version(sysPath:offpath, file_name:\"xl12cnv.exe\");\n if(sysVer && sysVer =~ \"^12\\.\")\n {\n if(version_in_range(version:sysVer, test_version:\"12.0\", test_version2:\"12.0.6776.4999\"))\n {\n report = 'File checked: ' + offpath + \"\\xl12cnv.exe\" + '\\n' +\n 'File version: ' + sysVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6776.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:54", "description": "This host is missing a critical security\n update according to Microsoft KB4038777", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8685", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-8710", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8696", "CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811746", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811746", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038777)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811746\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8628\",\n \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8675\", \"CVE-2017-8676\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8678\", \"CVE-2017-8747\",\n \"CVE-2017-8748\", \"CVE-2017-8679\", \"CVE-2017-8680\", \"CVE-2017-8681\",\n \"CVE-2017-8749\", \"CVE-2017-8750\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8685\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8696\", \"CVE-2017-8699\", \"CVE-2017-8707\", \"CVE-2017-8708\",\n \"CVE-2017-8709\", \"CVE-2017-8710\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100744, 100737, 100743, 100752, 100755, 100764, 100767,\n 100769, 100765, 100766, 100720, 100722, 100727, 100770, 100771,\n 100772, 100781, 100782, 100724, 100736, 100756, 100780, 100783,\n 100790, 100791, 100792, 100793, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:34:11 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038777)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038777\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error when Windows Hyper-V on a host operating system fails to properly\n validate input from an authenticated user on a guest operating system.\n\n - An issue when the Windows kernel fails to properly initialize a memory address.\n\n - An error when the Windows kernel improperly handles objects in memory.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - An error when Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - An error when Microsoft browsers improperly access objects in memory.\n\n - An error when Internet Explorer improperly handles specific HTML content.\n\n - An error in Microsoft browsers due to improper parent domain verification in\n certain functionality.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when the Windows GDI+ component improperly discloses kernel memory\n addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - An error in Windows kernel.\n\n - An error when the Windows font library improperly handles specially crafted\n embedded fonts.\n\n - An error in the Microsoft Common Console Document.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain access to potentially sensitive information, perform a\n man-in-the-middle attack and force a user's computer to unknowingly route\n traffic through the attacker's computer, execute arbitrary code on the target,\n embed an ActiveX control marked safe for initialization, take complete control\n of the affected system and read arbitrary files on the affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038777\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32spl.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23889\"))\n{\n report = 'File checked: ' + sysPath + \"\\win32spl.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.1.7601.23889\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:50", "description": "This host is missing a critical security\n update according to Microsoft KB4038799", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8714", "CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811823", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811823\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8728\",\n \"CVE-2017-8733\", \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\",\n \"CVE-2017-8741\", \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8680\",\n \"CVE-2017-8749\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8683\",\n \"CVE-2017-8684\", \"CVE-2017-8686\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\", \"CVE-2017-8707\",\n \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\", \"CVE-2017-8714\",\n \"CVE-2017-8677\", \"CVE-2017-8747\");\n script_bugtraq_id(100728, 100739, 100737, 100752, 100755, 100749, 100764, 100769,\n 100720, 100722, 100770, 100727, 100772, 100781, 100782, 100730,\n 100736, 100756, 100762, 100773, 100783, 100790, 100791, 100792,\n 100796, 100767, 100765);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 12:55:59 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038799\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists. Please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to execute arbitrary code, escalate privileges and obtain sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038799\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"glcndfilter.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22257\"))\n{\n report = 'File checked: ' + sysPath + \"\\glcndfilter.dll\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22257\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:42:37", "description": "This host is missing a critical security\n update according to Microsoft KB4038792", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038792)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8682", "CVE-2017-8684", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8680", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8714", "CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811665", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038792)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811665\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8741\",\n \"CVE-2017-0161\", \"CVE-2017-8720\", \"CVE-2017-8728\", \"CVE-2017-8628\",\n \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8677\", \"CVE-2017-8678\",\n \"CVE-2017-8747\", \"CVE-2017-8748\", \"CVE-2017-8749\", \"CVE-2017-8679\",\n \"CVE-2017-8680\", \"CVE-2017-8681\", \"CVE-2017-8750\", \"CVE-2017-8682\",\n \"CVE-2017-8683\", \"CVE-2017-8684\", \"CVE-2017-8686\", \"CVE-2017-8687\",\n \"CVE-2017-8688\", \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\",\n \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\",\n \"CVE-2017-8714\", \"CVE-2017-8719\");\n script_bugtraq_id(100752, 100755, 100749, 100764, 100728, 100739, 100744, 100737,\n 100743, 100767, 100769, 100765, 100766, 100770, 100720, 100722,\n 100727, 100771, 100772, 100781, 100782, 100730, 100736, 100756,\n 100762, 100773, 100783, 100790, 100791, 100792, 100796);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:14:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038792)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038792\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update includes improvements and\n fixes that resolves,\n\n - Internet Explorer 11's navigation bar with search box.\n\n - Internet Explorer where undo is broken if character conversion is canceled\n using IME.\n\n - Internet Explorer where graphics render incorrectly.\n\n - Internet Explorer where the Delete key functioned improperly.\n\n - NPS server where EAP TLS authentication was broken.\n\n - Security updates to Microsoft Graphics Component, Windows kernel-mode drivers,\n Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM,\n Windows Hyper-V, Windows kernel, Windows DHCP Server, and Internet Explorer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to get information on the Hyper-V host operating system, could\n retrieve the base address of the kernel driver from a compromised process, could\n obtain information to further compromise the users system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038792\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"drivers\\vpcivsp.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.18790\"))\n{\n report = 'File checked: ' + sysPath + \"drivers\\vpcivsp.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.3.9600.18790\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:02", "description": "This host is missing a critical security\n update according to Microsoft KB4038781", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038781)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8682", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8728", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811757", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811757", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038781)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811757\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8723\",\n \"CVE-2017-8728\", \"CVE-2017-11766\", \"CVE-2017-8628\", \"CVE-2017-8643\",\n \"CVE-2017-8733\", \"CVE-2017-8734\", \"CVE-2017-8735\", \"CVE-2017-8736\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8747\", \"CVE-2017-8748\",\n \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8749\", \"CVE-2017-8750\",\n \"CVE-2017-8753\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8754\",\n \"CVE-2017-8756\", \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8683\",\n \"CVE-2017-8687\", \"CVE-2017-8688\", \"CVE-2017-8699\", \"CVE-2017-8702\",\n \"CVE-2017-8706\", \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\",\n \"CVE-2017-8713\", \"CVE-2017-8692\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100768, 100739, 100729, 100744, 100747, 100737, 100738,\n 100740, 100743, 100752, 100755, 100749, 100759, 100764, 100767,\n 100765, 100766, 100769, 100720, 100770, 100771, 100776, 100727,\n 100772, 100779, 100718, 100721, 100742, 100781, 100736, 100756,\n 100783, 100785, 100789, 100790, 100791, 100792, 100796, 100762,\n 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:02:14 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038781)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038781\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - When Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error in Windows Error Reporting (WER) when WER handles and executes files.\n\n - When the Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel Address\n Space Layout Randomization (KASLR) bypass.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Microsoft Edge improperly handles clipboard events.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - When the Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - When Microsoft browsers improperly access objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content\n Security Policy (CSP) fails to properly validate certain specially crafted\n documents.\n\n - An error in the way Microsoft Edge handles objects in memory.\n\n - When Internet Explorer improperly handles specific HTML content.\n\n - When Microsoft Windows PDF Library improperly handles objects in memory.\n\n - An error in Microsoft browsers due to improper parent domain verification in\n certain functionality.\n\n - When Microsoft Edge does not properly parse HTTP content.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error in the way that the Windows Graphics Device Interface+ (GDI+) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error in Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n gain access to potentially sensitive information, perform a man-in-the-middle\n attack and force a user's computer to unknowingly route traffic through the\n attacker's computer, embed an ActiveX control, execute arbitrary code, take control\n of the affected system, gain the same user rights as the current user, conduct\n phishing attack and conduct redirect attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038781\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17608\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10240.0 - 11.0.10240.17608\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:25:32", "description": "This host is missing a critical security\n update according to Microsoft KB4038783", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038783)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8682", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8752", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8728", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8660", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8755", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811759", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038783)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811759\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-11766\", \"CVE-2017-8720\", \"CVE-2017-8723\",\n \"CVE-2017-8728\", \"CVE-2017-8628\", \"CVE-2017-8643\", \"CVE-2017-8733\",\n \"CVE-2017-8734\", \"CVE-2017-8735\", \"CVE-2017-8736\", \"CVE-2017-8660\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8677\", \"CVE-2017-8678\", \"CVE-2017-8747\",\n \"CVE-2017-8748\", \"CVE-2017-8679\", \"CVE-2017-8749\", \"CVE-2017-8750\",\n \"CVE-2017-8752\", \"CVE-2017-8753\", \"CVE-2017-8754\", \"CVE-2017-8681\",\n \"CVE-2017-8682\", \"CVE-2017-8683\", \"CVE-2017-8755\", \"CVE-2017-8756\",\n \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8699\", \"CVE-2017-8702\", \"CVE-2017-8706\",\n \"CVE-2017-8707\", \"CVE-2017-8708\", \"CVE-2017-8709\", \"CVE-2017-8713\",\n \"CVE-2017-8719\", \"CVE-2017-8695\");\n script_bugtraq_id(100728, 100729, 100768, 100739, 100744, 100747, 100737, 100738,\n 100740, 100743, 100757, 100752, 100755, 100749, 100759, 100764,\n 100767, 100769, 100765, 100766, 100720, 100770, 100771, 100775,\n 100776, 100779, 100727, 100772, 100781, 100778, 100718, 100721,\n 100742, 100736, 100756, 100762, 100783, 100785, 100789, 100790,\n 100791, 100792, 100796, 100773);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 15:18:56 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038783)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038783\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - When Windows Hyper-V on a host operating system fails to properly validate\n input from an authenticated user on a guest operating system.\n\n - An error in Windows Error Reporting (WER) when WER handles and executes files.\n\n - When the Windows kernel fails to properly initialize a memory address,\n allowing an attacker to retrieve information that could lead to a Kernel Address\n Space Layout Randomization (KASLR) bypass.\n\n - When the Windows kernel improperly handles objects in memory.\n\n - When Microsoft Edge improperly handles clipboard events.\n\n - An error in Microsoft's implementation of the Bluetooth stack.\n\n - An error in the way that Microsoft browser JavaScript engines render content when\n handling objects in memory.\n\n - When Microsoft Edge improperly accesses objects in memory.\n\n - An error due to the way Windows Uniscribe handles objects in memory.\n\n - When the Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - When Microsoft browsers improperly access objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content\n Security Policy (CSP) fails to properly validate certain specially crafted\n documents.\n\n - An error in the way Microsoft Edge handles objects in memory.\n\n - When Internet Explorer improperly handles specific HTML content.\n\n - When Microsoft Windows PDF Library improperly handles objects in memory.\n\n - An error in Microsoft browsers due to improper parent domain verification in\n certain functionality.\n\n - When Microsoft Edge does not properly parse HTTP content.\n\n - An error in the way that the Windows Graphics Device Interface (GDI) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - When the Windows GDI+ component improperly discloses kernel memory addresses.\n\n - An error in Windows when the Windows kernel-mode driver fails to properly handle\n objects in memory.\n\n - An error in the way that the Windows Graphics Device Interface+ (GDI+) handles\n objects in memory, allowing an attacker to retrieve information from a targeted\n system.\n\n - An error when Windows Shell does not properly validate file copy destinations.\n\n - When Windows Uniscribe improperly discloses the contents of its memory.\n\n - An error in Windows kernel that could allow an attacker to retrieve information\n that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.\n\n - When Internet Explorer improperly accesses objects in memory.\n\n - When the Windows font library improperly handles specially crafted embedded\n fonts.\n\n - An error in Windows when the Win32k component fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to\n gain access to potentially sensitive information, perform a man-in-the-middle\n attack and force a user's computer to unknowingly route traffic through the\n attacker's computer, embed an ActiveX control, execute arbitrary code, take control\n of the affected system, gain the same user rights as the current user, conduct\n phishing attack and conduct redirect attacks.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038783\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1105\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.1105\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:48:47", "description": "This host is missing a critical security\n update according to Microsoft KB4038782", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8704", "CVE-2017-8746", "CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8756", "CVE-2017-8731", "CVE-2017-8682", "CVE-2017-11764", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-9417", "CVE-2017-8750", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8752", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8738", "CVE-2017-8714", "CVE-2017-8728", "CVE-2017-8686", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8649", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8660", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8711", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8702", "CVE-2017-8712", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8755", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811820", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038782)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811820\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-0161\", \"CVE-2017-11764\", \"CVE-2017-8719\", \"CVE-2017-8720\",\n \"CVE-2017-8723\", \"CVE-2017-8728\", \"CVE-2017-11766\", \"CVE-2017-8628\",\n \"CVE-2017-8643\", \"CVE-2017-8731\", \"CVE-2017-8733\", \"CVE-2017-8734\",\n \"CVE-2017-8735\", \"CVE-2017-8736\", \"CVE-2017-8649\", \"CVE-2017-8660\",\n \"CVE-2017-8675\", \"CVE-2017-8676\", \"CVE-2017-8737\", \"CVE-2017-8738\",\n \"CVE-2017-8741\", \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8748\",\n \"CVE-2017-8749\", \"CVE-2017-8750\", \"CVE-2017-8752\", \"CVE-2017-8753\",\n \"CVE-2017-8754\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8755\",\n \"CVE-2017-8756\", \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8683\",\n \"CVE-2017-8686\", \"CVE-2017-9417\", \"CVE-2017-8687\", \"CVE-2017-8688\",\n \"CVE-2017-8692\", \"CVE-2017-8695\", \"CVE-2017-8699\", \"CVE-2017-8702\",\n \"CVE-2017-8704\", \"CVE-2017-8706\", \"CVE-2017-8707\", \"CVE-2017-8708\",\n \"CVE-2017-8709\", \"CVE-2017-8711\", \"CVE-2017-8712\", \"CVE-2017-8713\",\n \"CVE-2017-8714\", \"CVE-2017-8677\", \"CVE-2017-8746\", \"CVE-2017-8747\");\n\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 11:47:09 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038782)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038782\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update includes quality improvements.\n\n - Windows Error Reporting doesn't clean up temporary files when there is a\n redirection on a folder.\n\n - Internet Explorer 11's navigation bar with search box.\n\n - Internet Explorer where undo is broken if character conversion is canceled\n using IME.\n\n - Internet Explorer where graphics render incorrectly.\n\n - Windows clients receive a 0xc0000005 ACCESS_VIOLATION error when trying to\n install drivers.\n\n - A race condition may cause a blue screen on the server when Windows Server\n uses IPSec.\n\n - Internet Explorer sometimes fails to display webpages correctly when a user\n installs Windows with the CopyProfile unattend setting.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n an attacker to run arbitrary code, conduct spoofing attack, escalate privileges,\n and also to obtian sensitive information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038782\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1714\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1714\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:39", "description": "This host is missing a critical security\n update according to Microsoft KB4038788", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4038788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8746", "CVE-2017-8681", "CVE-2017-8643", "CVE-2017-8713", "CVE-2017-8724", "CVE-2017-8741", "CVE-2017-8757", "CVE-2017-8707", "CVE-2017-8695", "CVE-2017-8751", "CVE-2017-8756", "CVE-2017-8682", "CVE-2017-11764", "CVE-2017-0161", "CVE-2017-8719", "CVE-2017-8737", "CVE-2017-8699", "CVE-2017-8753", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8739", "CVE-2017-8709", "CVE-2017-8683", "CVE-2017-8752", "CVE-2017-8678", "CVE-2017-8628", "CVE-2017-8754", "CVE-2017-8735", "CVE-2017-8728", "CVE-2017-8597", "CVE-2017-8677", "CVE-2017-11766", "CVE-2017-8729", "CVE-2017-8649", "CVE-2017-8747", "CVE-2017-8740", "CVE-2017-8748", "CVE-2017-8679", "CVE-2017-8660", "CVE-2017-8687", "CVE-2017-8734", "CVE-2017-8759", "CVE-2017-8676", "CVE-2017-8708", "CVE-2017-8688", "CVE-2017-8720", "CVE-2017-8692", "CVE-2017-8706", "CVE-2017-8716", "CVE-2017-8648", "CVE-2017-8712", "CVE-2017-8736", "CVE-2017-8733", "CVE-2017-8755", "CVE-2017-8675", "CVE-2017-8723"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811671", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4038788)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811671\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8649\", \"CVE-2017-8660\", \"CVE-2017-8675\", \"CVE-2017-8737\",\n \"CVE-2017-8739\", \"CVE-2017-8740\", \"CVE-2017-8741\", \"CVE-2017-0161\",\n \"CVE-2017-11764\", \"CVE-2017-8719\", \"CVE-2017-8720\", \"CVE-2017-8723\",\n \"CVE-2017-8724\", \"CVE-2017-8728\", \"CVE-2017-8729\", \"CVE-2017-11766\",\n \"CVE-2017-8597\", \"CVE-2017-8628\", \"CVE-2017-8643\", \"CVE-2017-8648\",\n \"CVE-2017-8733\", \"CVE-2017-8734\", \"CVE-2017-8735\", \"CVE-2017-8736\",\n \"CVE-2017-8676\", \"CVE-2017-8677\", \"CVE-2017-8746\", \"CVE-2017-8747\",\n \"CVE-2017-8748\", \"CVE-2017-8678\", \"CVE-2017-8679\", \"CVE-2017-8749\",\n \"CVE-2017-8750\", \"CVE-2017-8751\", \"CVE-2017-8752\", \"CVE-2017-8753\",\n \"CVE-2017-8754\", \"CVE-2017-8681\", \"CVE-2017-8682\", \"CVE-2017-8755\",\n \"CVE-2017-8756\", \"CVE-2017-8757\", \"CVE-2017-8759\", \"CVE-2017-8683\",\n \"CVE-2017-8687\", \"CVE-2017-8688\", \"CVE-2017-8692\", \"CVE-2017-8695\",\n \"CVE-2017-8699\", \"CVE-2017-8706\", \"CVE-2017-8707\", \"CVE-2017-8708\",\n \"CVE-2017-8709\", \"CVE-2017-8712\", \"CVE-2017-8713\", \"CVE-2017-8716\");\n script_bugtraq_id(100754, 100757, 100752, 100749, 100761, 100763, 100764, 100728,\n 100726, 100768, 100777, 100739, 100733, 100729, 100745, 100744,\n 100747, 100750, 100737, 100738, 100740, 100743, 100755, 100767,\n 100760, 100765, 100766, 100769, 100720, 100770, 100771, 100775,\n 100776, 100779, 100727, 100772, 100778, 100718, 100721, 100742,\n 100781, 100736, 100756, 100762, 100773, 100783, 100789, 100790,\n 100791, 100792, 100795, 100796);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:31:28 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4038788)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4038788\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update includes improvements and\n fixes that resolves,\n\n - Internet Explorer 11's navigation bar with search box.\n\n - Internet Explorer where undo is broken if character conversion is canceled\n using IME.\n\n - Internet Explorer where graphics render incorrectly.\n\n - Internet Explorer where the Delete key functioned improperly.\n\n - NPS server where EAP TLS authentication was broken.\n\n - Security updates to Microsoft Graphics Component, Windows kernel-mode drivers,\n Windows shell, Microsoft Uniscribe, Microsoft Windows PDF Library, Windows TPM,\n Windows Hyper-V, Windows kernel, Windows DHCP Server, and Internet Explorer.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to get information on the Hyper-V host operating system, could\n retrieve the base address of the kernel driver from a compromised process, could\n obtain information to further compromise the users system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4038788\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.607\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.607\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for Office 2010](<http://support.microsoft.com/kb/2687455>) installed on the computer.**Note** This security update does not apply on systems running Windows Vista, Windows Server 2008, or later versions of Windows.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213638>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213638 for the 32-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=eed7d070-3dc7-4e28-883f-fc6019711a90>)\n * [Download the security update KB3213638 for the 64-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=8edba895-537d-4be9-908b-d8626d021961>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2010-kb3213638-fullfile-x86-glb.exe| 99102DB40319F4BFCC8211863422EBF99B34E0F3| 105190E0182C4DD9B7FC0FEC61E8BA38C0A060DF176DE4EDD96F81354C474EF1 \nogl2010-kb3213638-fullfile-x64-glb.exe| 3786A8FB0E1E5884A055B4F5AB3E36B4D8FF81F1| C9C6DD21464D4755EFA089C6C753EEA4236AACA1FF2C71D31630C17F29B5BA18 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Office 2010| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \nFor all supported x64-based versions of Office 2010File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nogl.dll.x86| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2010: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213638", "href": "https://support.microsoft.com/en-us/help/3213638", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:06:32", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for Microsoft Word Viewer 2003](<http://www.microsoft.com/en-us/download/details.aspx?id=7176>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011134>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011134 for the 32-bit version of Word Viewer](<http://www.microsoft.com/download/details.aspx?familyid=08cec781-2b87-44e9-bbf7-ca0579015b66>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 3203484](<http://support.microsoft.com/kb/3203484>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \noffice2003-kb4011134-fullfile-enu.exe| 75343BA6CF3FE0E3F4A03D9C2A5ACE69C47CFC2F| 70B3ADF002B5E17046BE7FFF8CC460FB1AB6E6D3CAC1E000C4FFF7E03F247976 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Word Viewer| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \n_3c144d0d917c41e981e59d9c18e43e88.40d5ce2532074296b6dd2138d9286013| 11.0.8443.0| 1,715,968| 24-Aug-2017| 20:21| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Word Viewer: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB4011134", "href": "https://support.microsoft.com/en-us/help/4011134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for the 2007 Microsoft Office Suite](<http://support.microsoft.com/kb/949585>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213641>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213641 for the 32-bit version of 2007 Microsoft Office Suite](<http://www.microsoft.com/download/details.aspx?familyid=1cb6ed3b-e7b0-48e0-8316-f65b173d44f9>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2007-kb3213641-fullfile-x86-glb.exe| D13D019186B930C8A3E3072195597A4D9ACF53A7| BBCDAFCA1F8E970BBFAC8046BBFF5992728A58B9C730CE01D3D2135CB3316F54 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of 2007 Microsoft Office Suite| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nOgl.dll| 12.0.6776.5000| 1,591,008| 24-Aug-2017| 13:25| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for 2007 Microsoft Office Suite: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213641", "href": "https://support.microsoft.com/en-us/help/3213641", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 Attendee (user level install) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025867 for the 32-bit version of Lync 2010 Attendee (user level install)](<http://www.microsoft.com/download/details.aspx?familyid=76de234f-ebf5-4294-b6e2-577d7dcf9e3d>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020734](<http://support.microsoft.com/kb/4020734>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nAttendeeUser.msp| 4B51BF482E3D4642E7F5E17EEC681DF3F9E26279| 7209C500965202DCA1ABE2CD952EE7B90AC97036C4E0BC1D83CA0B8A6A8607E7 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010 Attendee (user level install)| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAgcore.dll| 4.0.60831.0| 5,969,224| 18-Jul-2017| 16:14| x86 \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nCoreclr.dll| 4.0.60831.0| 3,525,448| 18-Jul-2017| 16:14| x86 \nFile_attendeecommunicator.exe.manifest| Not applicable| 1,193| 24-May-2013| 05:22| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxaoc| 4.0.7577.4540| 52,800| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginaoc.dll| 4.0.7577.4540| 91,224| 15-Aug-2017| 20:46| x86 \nMscorlib.dll| 4.0.60831.0| 1,595,216| 18-Jul-2017| 16:14| x86 \nMscorrc.dll| 4.0.60831.0| 10,056| 18-Jul-2017| 16:14| x86 \nNpctrl.dll| 4.0.60831.0| 1,025,864| 18-Jul-2017| 16:14| x86 \nNpctrlui.dll| 4.0.60831.0| 766,800| 18-Jul-2017| 16:14| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPrivacystatement.rtf| Not applicable| 47| 01-Apr-2011| 07:44| Not applicable \nProgramexe| 4.0.7577.4540| 12,008,520| 15-Aug-2017| 20:47| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSlmsprbootstrap.dll| 1.5.5000.0| 426,840| 18-Jul-2017| 16:14| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nSystem.core.dll| 4.0.60831.0| 542,544| 18-Jul-2017| 16:14| x86 \nSystem.dll| 4.0.60831.0| 239,432| 18-Jul-2017| 16:14| x86 \nSystem.net.dll| 4.0.60831.0| 231,248| 18-Jul-2017| 16:14| x86 \nSystem.runtime.serialization.dll| 4.0.60831.0| 419,704| 18-Jul-2017| 16:14| x86 \nSystem.servicemodel.dll| 4.0.60831.0| 526,176| 18-Jul-2017| 16:14| x86 \nSystem.servicemodel.web.dll| 4.0.60831.0| 79,720| 18-Jul-2017| 16:14| x86 \nSystem.windows.browser.dll| 8.0.60831.0| 149,352| 18-Jul-2017| 16:14| x86 \nSystem.windows.dll| 4.0.60831.0| 1,484,632| 18-Jul-2017| 16:14| x86 \nSystem.xml.dll| 4.0.60831.0| 325,456| 18-Jul-2017| 16:14| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010 Attendee (user level install): September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025867", "href": "https://support.microsoft.com/en-us/help/4025867", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) \n \n**Note** To apply this security update, you must have the release version of Office Live Meeting 2007 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Live Meeting website\n\nTo get the stand-alone package for this update, go to the [Live Meeting](<https://support.office.com/en-us/article/Download-the-Microsoft-Office-Live-Meeting-Console-8a432d04-45ac-4762-8e7f-e715dcd0f167?CorrelationId=57e0bf9f-836c-4a73-95b3-461ec149c610&ui=en-US&rs=en-US&ad=US>) website.\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020735](<http://support.microsoft.com/kb/4020735>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nLMSetup.exe| 518F47F145EEBB141915272103CB9DBF8AABB99A| 48D38A53A7096592CC71C104821BC05491F4DBEFF8F15A24C05B34935421024A \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Live Meeting Console| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nArrow.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,058| 12-Jul-2017| 18:39| Not applicable \nBottom_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nBottom_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 635| 12-Jul-2017| 18:39| Not applicable \nBottom_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 635| 12-Jul-2017| 18:39| Not applicable \nBrandarc.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,942| 12-Jul-2017| 18:39| Not applicable \nButton_click_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_click_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_click_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_hover_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_hover_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_hover_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nCc_background.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,778| 12-Jul-2017| 18:39| Not applicable \nCc_default_image.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,817| 12-Jul-2017| 18:39| Not applicable \nCheck.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 4,394| 12-Jul-2017| 18:39| Not applicable \nDialogue_selected.gi.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 216| 12-Jul-2017| 18:39| Not applicable \nDownload_animation.g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 2,991| 12-Jul-2017| 18:39| Not applicable \nDownload_pg_separato.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,177| 12-Jul-2017| 18:39| Not applicable \nDropdown_arrow.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 46| 12-Jul-2017| 18:39| Not applicable \nDummy.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,664| 12-Jul-2017| 18:39| Not applicable \nDummy_slide_corner_g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,728| 12-Jul-2017| 18:39| Not applicable \nDummy_thumbnail.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,207| 12-Jul-2017| 18:39| Not applicable \nFile_anno.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,975| 12-Jul-2017| 18:39| Not applicable \nFile_anno.svg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 660| 12-Jul-2017| 18:39| Not applicable \nFile_appshare.dll| 8.0.6362.264| 1,447,424| 06-Sep-2017| 07:51| x86 \nFile_asrecprofile.prx| Not applicable| 3,830| 12-Jul-2017| 18:39| Not applicable \nFile_bgpubmgr.exe| 8.0.6362.281| 240,800| 07-Sep-2017| 16:04| x86 \nFile_bgpubres_da_dk.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:21| x86 \nFile_bgpubres_de_de.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:23| x86 \nFile_bgpubres_en_us.dll| 8.0.6362.281| 29,344| 07-Sep-2017| 16:08| x86 \nFile_bgpubres_es_es.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:24| x86 \nFile_bgpubres_fi_fi.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:26| x86 \nFile_bgpubres_fr_fr.dll| 8.0.6362.281| 31,392| 07-Sep-2017| 16:27| x86 \nFile_bgpubres_it_it.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:29| x86 \nFile_bgpubres_ja_jp.dll| 8.0.6362.281| 25,760| 07-Sep-2017| 16:31| x86 \nFile_bgpubres_ko_kr.dll| 8.0.6362.281| 25,760| 07-Sep-2017| 16:32| x86 \nFile_bgpubres_nl_nl.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:34| x86 \nFile_bgpubres_pt_br.dll| 8.0.6362.281| 30,368| 07-Sep-2017| 16:36| x86 \nFile_bgpubres_sv_se.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:38| x86 \nFile_bgpubres_zh_cn.dll| 8.0.6362.281| 23,712| 07-Sep-2017| 16:39| x86 \nFile_bgpubres_zh_tw.dll| 8.0.6362.281| 23,712| 07-Sep-2017| 16:41| x86 \nFile_blank.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 442| 12-Jul-2017| 18:39| Not applicable \nFile_blank.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 631| 12-Jul-2017| 18:39| Not applicable \nFile_blank.swf.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,440| 12-Jul-2017| 18:39| Not applicable \nFile_blank.wmv.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 9,389| 12-Jul-2017| 18:39| Not applicable \nFile_blankwithcss.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 238| 12-Jul-2017| 18:39| Not applicable \nFile_clipwidget.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 692| 12-Jul-2017| 18:39| Not applicable \nFile_close.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 78| 12-Jul-2017| 18:39| Not applicable \nFile_collabhook.dll| 8.0.6362.264| 97,792| 06-Sep-2017| 07:51| x86 \nFile_collaborate.dll| 8.0.6362.264| 1,304,576| 06-Sep-2017| 07:51| x86 \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,281,112| 07-Sep-2017| 16:04| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 230,560| 07-Sep-2017| 16:21| Not applicable \nFile_default.css.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,787| 12-Jul-2017| 18:39| Not applicable \nFile_default.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 10,797| 12-Jul-2017| 18:39| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 245,408| 07-Sep-2017| 16:23| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,976| 07-Sep-2017| 16:08| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 242,848| 07-Sep-2017| 16:24| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,120| 07-Sep-2017| 16:26| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 246,944| 07-Sep-2017| 16:27| Not applicable \nFile_gdiplus.dll| 5.2.3790.4377| 1,742,808| 12-Jul-2017| 18:29| x86 \nFile_importutil.dll| 8.0.6362.281| 367,264| 07-Sep-2017| 16:04| x86 \nFile_intldate.dll| 12.0.6413.1000| 79,224| 12-Jul-2017| 18:43| x86 \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 241,312| 07-Sep-2017| 16:29| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 198,816| 07-Sep-2017| 16:31| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 196,768| 07-Sep-2017| 16:32| Not applicable \nFile_lm8_product_icon.png| Not applicable| 765| 12-Jul-2017| 18:38| Not applicable \nFile_lm8_product_icon_large.png| Not applicable| 1,944| 12-Jul-2017| 18:38| Not applicable \nFile_lmasrecord.dll| 8.0.6362.281| 300,704| 07-Sep-2017| 16:04| x86 \nFile_lmclientrecord.dll| 8.0.6362.281| 286,376| 07-Sep-2017| 16:04| x86 \nFile_lmdicore.dll| 0.3.5611.0| 1,234,080| 07-Sep-2017| 16:04| x86 \nFile_lmdigraph.dll| 0.3.5611.0| 984,224| 07-Sep-2017| 16:04| x86 \nFile_lmdimon.dll| 0.3.5611.0| 82,592| 07-Sep-2017| 16:04| x86 \nFile_lmdippr.dll| 0.3.5611.0| 82,080| 07-Sep-2017| 16:04| x86 \nFile_lmdires_da_dk.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:21| x86 \nFile_lmdires_de_de.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:23| x86 \nFile_lmdires_en_us.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:08| x86 \nFile_lmdires_es_es.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:24| x86 \nFile_lmdires_fi_fi.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:26| x86 \nFile_lmdires_fr_fr.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:27| x86 \nFile_lmdires_it_it.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:29| x86 \nFile_lmdires_ja_jp.dll| 0.3.5611.0| 59,544| 07-Sep-2017| 16:31| x86 \nFile_lmdires_ko_kr.dll| 0.3.5611.0| 59,544| 07-Sep-2017| 16:32| x86 \nFile_lmdires_nl_nl.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:34| x86 \nFile_lmdires_pt_br.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:36| x86 \nFile_lmdires_sv_se.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:38| x86 \nFile_lmdires_zh_cn.dll| 0.3.5611.0| 59,032| 07-Sep-2017| 16:39| x86 \nFile_lmdires_zh_tw.dll| 0.3.5611.0| 59,032| 07-Sep-2017| 16:41| x86 \nFile_lmdiui.dll| 0.3.5611.0| 159,896| 07-Sep-2017| 16:04| x86 \nFile_lmdiview.dll| 8.0.5611.0| 699,040| 07-Sep-2017| 16:04| x86 \nFile_lmpptview.dll| 8.0.6825.4| 2,045,088| 07-Sep-2017| 16:04| x86 \nFile_microsoft.vc80.crt.manifest| Not applicable| 1,869| 12-Jul-2017| 18:29| Not applicable \nFile_mmcrenderer.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 662| 12-Jul-2017| 18:39| Not applicable \nFile_msptls.dll| 12.0.6421.1000| 756,032| 12-Jul-2017| 18:43| x86 \nFile_msvcp80.dll| 8.0.50727.762| 548,864| 06-Sep-2017| 07:41| x86 \nFile_msvcr80.dll| 8.0.50727.762| 626,688| 06-Sep-2017| 07:41| x86 \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,288| 07-Sep-2017| 16:34| Not applicable \nFile_ogl.dll| 12.0.6776.5000| 1,591,008| 06-Sep-2017| 07:41| x86 \nFile_playback.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 6,750| 12-Jul-2017| 18:39| Not applicable \nFile_playback.js.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 738,064| 06-Sep-2017| 07:51| Not applicable \nFile_ppvwintl.dll| 8.0.6825.4| 337,568| 07-Sep-2017| 16:04| x86 \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,240| 07-Sep-2017| 16:36| Not applicable \nFile_pubutil.dll| 8.0.6362.281| 754,328| 07-Sep-2017| 16:04| x86 \nFile_pwconsole.exe| 8.0.6362.281| 6,326,944| 07-Sep-2017| 16:04| x86 \nFile_pwresources_da_dk.dll| 8.0.6362.281| 259,232| 07-Sep-2017| 16:21| x86 \nFile_pwresources_de_de.dll| 8.0.6362.281| 285,856| 07-Sep-2017| 16:23| x86 \nFile_pwresources_en_us.dll| 8.0.6362.281| 250,528| 07-Sep-2017| 16:08| x86 \nFile_pwresources_es_es.dll| 8.0.6362.281| 276,128| 07-Sep-2017| 16:24| x86 \nFile_pwresources_fi_fi.dll| 8.0.6362.281| 261,792| 07-Sep-2017| 16:26| x86 \nFile_pwresources_fr_fr.dll| 8.0.6362.281| 287,392| 07-Sep-2017| 16:27| x86 \nFile_pwresources_it_it.dll| 8.0.6362.281| 277,664| 07-Sep-2017| 16:29| x86 \nFile_pwresources_ja_jp.dll| 8.0.6362.281| 187,552| 07-Sep-2017| 16:31| x86 \nFile_pwresources_ko_kr.dll| 8.0.6362.281| 181,920| 07-Sep-2017| 16:32| x86 \nFile_pwresources_nl_nl.dll| 8.0.6362.281| 275,104| 07-Sep-2017| 16:34| x86 \nFile_pwresources_pt_br.dll| 8.0.6362.281| 271,008| 07-Sep-2017| 16:36| x86 \nFile_pwresources_sv_se.dll| 8.0.6362.281| 255,136| 07-Sep-2017| 16:38| x86 \nFile_pwresources_zh_cn.dll| 8.0.6362.281| 155,808| 07-Sep-2017| 16:39| x86 \nFile_pwresources_zh_tw.dll| 8.0.6362.281| 157,344| 07-Sep-2017| 16:41| x86 \nFile_res_da_dk.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,965| 12-Jul-2017| 18:34| Not applicable \nFile_res_de_de.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,830| 12-Jul-2017| 18:34| Not applicable \nFile_res_en_us.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,487| 12-Jul-2017| 18:39| Not applicable \nFile_res_es_es.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,535| 12-Jul-2017| 18:34| Not applicable \nFile_res_fi_fi.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,011| 12-Jul-2017| 18:34| Not applicable \nFile_res_fr_fr.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,819| 12-Jul-2017| 18:34| Not applicable \nFile_res_it_it.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,527| 12-Jul-2017| 18:34| Not applicable \nFile_res_ja_jp.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 21,074| 12-Jul-2017| 18:34| Not applicable \nFile_res_ko_kr.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,908| 12-Jul-2017| 18:34| Not applicable \nFile_res_nl_nl.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,202| 12-Jul-2017| 18:34| Not applicable \nFile_res_pt_br.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,222| 12-Jul-2017| 18:34| Not applicable \nFile_res_sv_se.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,920| 12-Jul-2017| 18:34| Not applicable \nFile_res_zh_cn.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,176| 12-Jul-2017| 18:34| Not applicable \nFile_res_zh_tw.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,215| 12-Jul-2017| 18:34| Not applicable \nFile_rtcrouter.dll| 8.0.6362.281| 287,392| 07-Sep-2017| 16:04| x86 \nFile_rtyuv.dll| 1.0.3656.0| 30,872| 07-Sep-2017| 16:04| x86 \nFile_saext.dll| 12.0.4518.1014| 291,128| 12-Jul-2017| 18:43| x86 \nFile_scdec.dll| 8.0.6362.281| 151,704| 07-Sep-2017| 16:04| x86 \nFile_start.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 6,398| 12-Jul-2017| 18:39| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 229,536| 07-Sep-2017| 16:38| Not applicable \nFile_transcoderprofile.prx| Not applicable| 7,202| 12-Jul-2017| 18:39| Not applicable \nFile_uccpres_da_dk.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:21| x86 \nFile_uccpres_de_de.dll| 2.0.6362.281| 640,152| 07-Sep-2017| 16:23| x86 \nFile_uccpres_en_us.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:08| x86 \nFile_uccpres_es_es.dll| 2.0.6362.281| 639,128| 07-Sep-2017| 16:24| x86 \nFile_uccpres_fi_fi.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:26| x86 \nFile_uccpres_fr_fr.dll| 2.0.6362.281| 640,152| 07-Sep-2017| 16:27| x86 \nFile_uccpres_it_it.dll| 2.0.6362.281| 639,640| 07-Sep-2017| 16:29| x86 \nFile_uccpres_ja_jp.dll| 2.0.6362.281| 630,424| 07-Sep-2017| 16:31| x86 \nFile_uccpres_ko_kr.dll| 2.0.6362.281| 630,424| 07-Sep-2017| 16:32| x86 \nFile_uccpres_nl_nl.dll| 2.0.6362.281| 638,616| 07-Sep-2017| 16:34| x86 \nFile_uccpres_pt_br.dll| 2.0.6362.281| 638,616| 07-Sep-2017| 16:36| x86 \nFile_uccpres_sv_se.dll| 2.0.6362.281| 637,080| 07-Sep-2017| 16:38| x86 \nFile_uccpres_zh_cn.dll| 2.0.6362.281| 627,864| 07-Sep-2017| 16:39| x86 \nFile_uccpres_zh_tw.dll| 2.0.6362.281| 627,864| 07-Sep-2017| 16:41| x86 \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| Not applicable \nFile_wvc1.wmv.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,066| 12-Jul-2017| 18:39| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,016| 07-Sep-2017| 16:39| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,528| 07-Sep-2017| 16:41| Not applicable \nFrame_header.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 96| 12-Jul-2017| 18:39| Not applicable \nFrame_top_shadow.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 93| 12-Jul-2017| 18:39| Not applicable \nHeader_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 269| 12-Jul-2017| 18:39| Not applicable \nHeader_lmlogo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 4,725| 12-Jul-2017| 18:39| Not applicable \nIndex_minus.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 177| 12-Jul-2017| 18:39| Not applicable \nIndex_playing.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 152| 12-Jul-2017| 18:39| Not applicable \nIndex_plus.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 179| 12-Jul-2017| 18:39| Not applicable \nIndex_selected_name..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 147| 12-Jul-2017| 18:39| Not applicable \nIndex_selected_time..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 147| 12-Jul-2017| 18:39| Not applicable \nInformation.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,557| 12-Jul-2017| 18:39| Not applicable \nMenu_button_view.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,172| 12-Jul-2017| 18:39| Not applicable \nMenu_left_back.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 226| 12-Jul-2017| 18:39| Not applicable \nMuted_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,149| 12-Jul-2017| 18:39| Not applicable \nMuted_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,151| 12-Jul-2017| 18:39| Not applicable \nMuted_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nMuted_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,151| 12-Jul-2017| 18:39| Not applicable \nNext_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,155| 12-Jul-2017| 18:39| Not applicable \nPaused_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPlay_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,164| 12-Jul-2017| 18:39| Not applicable \nPlay_back_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 570| 12-Jul-2017| 18:39| Not applicable \nPlay_back_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nPlay_back_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 586| 12-Jul-2017| 18:39| Not applicable \nPlay_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,166| 12-Jul-2017| 18:39| Not applicable \nPlay_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,166| 12-Jul-2017| 18:39| Not applicable \nPlay_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,165| 12-Jul-2017| 18:39| Not applicable \nPlay_sep.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 269| 12-Jul-2017| 18:39| Not applicable \nPrev_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,156| 12-Jul-2017| 18:39| Not applicable \nPrev_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,157| 12-Jul-2017| 18:39| Not applicable \nPrev_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,157| 12-Jul-2017| 18:39| Not applicable \nPrev_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,159| 12-Jul-2017| 18:39| Not applicable \nProgress_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 64| 12-Jul-2017| 18:39| Not applicable \nProgress_green.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 64| 12-Jul-2017| 18:39| Not applicable \nProgress_thumb.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 308| 12-Jul-2017| 18:39| Not applicable \nProgress_thumb_tail..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 601| 12-Jul-2017| 18:39| Not applicable \nRtmpltfm_dll| 3.0.6362.281| 5,449,888| 07-Sep-2017| 16:04| x86 \nStart_pg_background..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,245| 12-Jul-2017| 18:39| Not applicable \nStart_pg_lmlogo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,804| 12-Jul-2017| 18:39| Not applicable \nStart_pg_logo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 16,064| 12-Jul-2017| 18:39| Not applicable \nStop_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 700| 12-Jul-2017| 18:39| Not applicable \nStop_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 697| 12-Jul-2017| 18:39| Not applicable \nStop_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 705| 12-Jul-2017| 18:39| Not applicable \nStop_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 705| 12-Jul-2017| 18:39| Not applicable \nTab_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 45| 12-Jul-2017| 18:39| Not applicable \nTab_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 94| 12-Jul-2017| 18:39| Not applicable \nTab_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 52| 12-Jul-2017| 18:39| Not applicable \nTab_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 93| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 52| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 76| 12-Jul-2017| 18:39| Not applicable \nThumbnail_selection..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 530| 12-Jul-2017| 18:39| Not applicable \nUccp_dll| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| x86 \nUnmuted_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,160| 12-Jul-2017| 18:39| Not applicable \nUnmuted_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,161| 12-Jul-2017| 18:39| Not applicable \nUnmuted_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,162| 12-Jul-2017| 18:39| Not applicable \nUnmuted_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,161| 12-Jul-2017| 18:39| Not applicable \nVol_slider_active.gi.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 311| 12-Jul-2017| 18:39| Not applicable \nVol_slider_hoverclic.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 310| 12-Jul-2017| 18:39| Not applicable \nVol_slider_inactive..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 309| 12-Jul-2017| 18:39| Not applicable \nVol_track_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 131| 12-Jul-2017| 18:39| Not applicable \nVol_track_inactive.g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 131| 12-Jul-2017| 18:39| Not applicable \nX.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,163| 12-Jul-2017| 18:39| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Live Meeting Console: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025868", "href": "https://support.microsoft.com/en-us/help/4025868", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Office Live Meeting 2007 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Live Meeting website\n\nTo get the stand-alone package for this update, go to the [Live Meeting](<https://support.office.com/en-us/article/Download-the-Conferencing-Add-in-for-Microsoft-Office-Outlook-60691b44-279d-4be6-a9b1-b78d9789bd4f?CorrelationId=062af222-c550-4850-a466-fa96487a6b74&ui=en-US&rs=en-US&ad=US>) website.\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020736](<http://support.microsoft.com/kb/4020736>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \n(X64) ConfAddins_Setup.exe| BC24079B5D51A2D094228777956851DB26830F9C| 71E2FE1D5E3899AE9F5729C5AC8BE31860FCCB6CC2E4A039F6C0B18051D2A065 \n(X86) ConfAddins_Setup.exe| 87ECC3CAE2C8A68796234A6FD161CCF1819DA98A| 23BCD9655B52FFD4087B0A4F870E6D5344D4BF0FC7EB34A4F1091E52503613E3 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Live Meeting Add-in| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nCatalog.8.0.50727.762.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nCatalog.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,281,112| 07-Sep-2017| 16:04| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 230,560| 07-Sep-2017| 16:21| Not applicable \nFile_da_dk_lm_intsat| 8.0.6362.281| 432,800| 07-Sep-2017| 16:21| Not applicable \nFile_da_dk_outhlp| Not applicable| 313,958| 12-Jul-2017| 18:33| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 245,408| 07-Sep-2017| 16:23| Not applicable \nFile_de_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 16:23| Not applicable \nFile_de_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 240,008| 24-Nov-2008| 23:30| Not applicable \nFile_de_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 63,368| 24-Nov-2008| 23:30| Not applicable \nFile_de_outhlp| Not applicable| 316,074| 12-Jul-2017| 18:33| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,976| 07-Sep-2017| 16:08| Not applicable \nFile_en_lmintsat| 8.0.6362.281| 433,312| 07-Sep-2017| 16:08| Not applicable \nFile_en_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_en_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_en_outhlp| Not applicable| 311,266| 12-Jul-2017| 18:35| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 242,848| 07-Sep-2017| 16:24| Not applicable \nFile_es_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 16:24| Not applicable \nFile_es_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 237,960| 24-Nov-2008| 23:30| Not applicable \nFile_es_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 63,880| 24-Nov-2008| 23:30| Not applicable \nFile_es_outhlp| Not applicable| 315,534| 12-Jul-2017| 18:33| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,120| 07-Sep-2017| 16:26| Not applicable \nFile_fi_fi_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 16:26| Not applicable \nFile_fi_fi_outhlp| Not applicable| 314,259| 12-Jul-2017| 18:33| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 246,944| 07-Sep-2017| 16:27| Not applicable \nFile_fr_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 16:27| Not applicable \nFile_fr_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 239,496| 24-Nov-2008| 23:30| Not applicable \nFile_fr_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 65,416| 24-Nov-2008| 23:30| Not applicable \nFile_fr_outhlp| Not applicable| 316,258| 12-Jul-2017| 18:33| Not applicable \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 241,312| 07-Sep-2017| 16:29| Not applicable \nFile_it_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 16:29| Not applicable \nFile_it_outhlp| Not applicable| 315,253| 12-Jul-2017| 18:33| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 198,816| 07-Sep-2017| 16:31| Not applicable \nFile_ja_lmintsat| 8.0.6362.281| 408,224| 07-Sep-2017| 16:31| Not applicable \nFile_ja_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_ja_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_ja_outhlp| Not applicable| 320,539| 12-Jul-2017| 18:33| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 196,768| 07-Sep-2017| 16:32| Not applicable \nFile_ko_lmintsat| 8.0.6362.281| 407,200| 07-Sep-2017| 16:32| Not applicable \nFile_ko_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_ko_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_ko_outhlp| Not applicable| 314,667| 12-Jul-2017| 18:33| Not applicable \nFile_lmaddins.dll| 8.0.6362.281| 1,736,352| 07-Sep-2017| 16:04| x86 \nFile_lmcapi.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 782,216| 24-Nov-2008| 23:30| Not applicable \nFile_lmpapi.dll.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 658,312| 24-Nov-2008| 23:30| Not applicable \nFile_lmpreferences.dll.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 768,904| 24-Nov-2008| 23:30| Not applicable \nFile_lmxp32.dll| 8.0.6362.281| 1,619,608| 07-Sep-2017| 16:04| x86 \nFile_meetnowprefs.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 500,616| 24-Nov-2008| 23:30| Not applicable \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,288| 07-Sep-2017| 16:34| Not applicable \nFile_nl_nl_lmintsat| 8.0.6362.281| 438,944| 07-Sep-2017| 16:34| Not applicable \nFile_nl_nl_outhlp| Not applicable| 314,015| 12-Jul-2017| 18:33| Not applicable \nFile_preferences.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 494,984| 24-Nov-2008| 23:30| Not applicable \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,240| 07-Sep-2017| 16:36| Not applicable \nFile_pt_lmintsat| 8.0.6362.281| 437,408| 07-Sep-2017| 16:36| Not applicable \nFile_pt_outhlp| Not applicable| 315,299| 12-Jul-2017| 18:33| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 229,536| 07-Sep-2017| 16:38| Not applicable \nFile_sv_se_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 16:38| Not applicable \nFile_sv_se_outhlp| Not applicable| 313,479| 12-Jul-2017| 18:33| Not applicable \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,016| 07-Sep-2017| 16:39| Not applicable \nFile_zh_cn_lmintsat| 8.0.6362.281| 399,008| 07-Sep-2017| 16:39| Not applicable \nFile_zh_cn_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_zh_cn_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_zh_cn_outhlp| Not applicable| 314,900| 12-Jul-2017| 18:33| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,528| 07-Sep-2017| 16:41| Not applicable \nFile_zh_tw_lmintsat| 8.0.6362.281| 399,520| 07-Sep-2017| 16:41| Not applicable \nFile_zh_tw_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_zh_tw_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_zh_tw_outhlp| Not applicable| 314,881| 12-Jul-2017| 18:33| Not applicable \nManifest.8.0.50727.762.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 800| 02-Dec-2006| 05:54| Not applicable \nManifest.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 1,869| 02-Dec-2006| 13:23| Not applicable \nMsvcm80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nMsvcp80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nMsvcr80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcm80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcp80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcr80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nUl_catalog.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nUl_catalog.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nUl_manifest.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 800| 02-Dec-2006| 05:54| Not applicable \nUl_manifest.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 1,869| 02-Dec-2006| 13:23| Not applicable \nUl_msvcm80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nUl_msvcp80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nUl_msvcr80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nFor all supported x64-based versions of Live Meeting Add-inFile name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nCatalog.8.0.50727.762.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nCatalog.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,841,600| 06-Sep-2017| 09:38| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 223,744| 06-Sep-2017| 09:58| Not applicable \nFile_da_dk_lm_intsat| 8.0.6362.281| 432,800| 07-Sep-2017| 17:12| Not applicable \nFile_da_dk_outhlp| Not applicable| 313,958| 12-Jul-2017| 18:33| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,592| 06-Sep-2017| 09:58| Not applicable \nFile_de_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 17:14| Not applicable \nFile_de_outhlp| Not applicable| 316,074| 12-Jul-2017| 18:33| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 220,160| 06-Sep-2017| 09:28| Not applicable \nFile_en_lmintsat| 8.0.6362.281| 433,312| 07-Sep-2017| 17:04| Not applicable \nFile_en_outhlp| Not applicable| 311,266| 12-Jul-2017| 18:35| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 236,032| 06-Sep-2017| 09:58| Not applicable \nFile_es_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 17:15| Not applicable \nFile_es_outhlp| Not applicable| 315,534| 12-Jul-2017| 18:33| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,304| 06-Sep-2017| 09:59| Not applicable \nFile_fi_fi_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 17:16| Not applicable \nFile_fi_fi_outhlp| Not applicable| 314,259| 12-Jul-2017| 18:33| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,128| 06-Sep-2017| 09:59| Not applicable \nFile_fr_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 17:18| Not applicable \nFile_fr_outhlp| Not applicable| 316,258| 12-Jul-2017| 18:33| Not applicable \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 234,496| 06-Sep-2017| 09:59| Not applicable \nFile_it_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 17:19| Not applicable \nFile_it_outhlp| Not applicable| 315,253| 12-Jul-2017| 18:33| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 192,000| 06-Sep-2017| 10:00| Not applicable \nFile_ja_lmintsat| 8.0.6362.281| 408,224| 07-Sep-2017| 17:20| Not applicable \nFile_ja_outhlp| Not applicable| 320,539| 12-Jul-2017| 18:33| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 189,952| 06-Sep-2017| 10:00| Not applicable \nFile_ko_lmintsat| 8.0.6362.281| 407,200| 07-Sep-2017| 17:22| Not applicable \nFile_ko_outhlp| Not applicable| 314,667| 12-Jul-2017| 18:33| Not applicable \nFile_lmaddins.dll| 8.0.6362.281| 2,110,112| 07-Sep-2017| 17:03| x64 \nFile_lmxp32.dll| 8.0.6362.281| 1,982,616| 07-Sep-2017| 17:03| x64 \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,472| 06-Sep-2017| 10:00| Not applicable \nFile_nl_nl_lmintsat| 8.0.6362.281| 438,944| 07-Sep-2017| 17:23| Not applicable \nFile_nl_nl_outhlp| Not applicable| 314,015| 12-Jul-2017| 18:33| Not applicable \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 231,424| 06-Sep-2017| 10:00| Not applicable \nFile_pt_lmintsat| 8.0.6362.281| 437,408| 07-Sep-2017| 17:25| Not applicable \nFile_pt_outhlp| Not applicable| 315,299| 12-Jul-2017| 18:33| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 222,720| 06-Sep-2017| 10:01| Not applicable \nFile_sv_se_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 17:26| Not applicable \nFile_sv_se_outhlp| Not applicable| 313,479| 12-Jul-2017| 18:33| Not applicable \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 5,219,328| 06-Sep-2017| 09:38| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 179,200| 06-Sep-2017| 10:01| Not applicable \nFile_zh_cn_lmintsat| 8.0.6362.281| 399,008| 07-Sep-2017| 17:28| Not applicable \nFile_zh_cn_outhlp| Not applicable| 314,900| 12-Jul-2017| 18:33| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 179,712| 06-Sep-2017| 10:01| Not applicable \nFile_zh_tw_lmintsat| 8.0.6362.281| 399,520| 07-Sep-2017| 17:29| Not applicable \nFile_zh_tw_outhlp| Not applicable| 314,881| 12-Jul-2017| 18:33| Not applicable \nManifest.8.0.50727.762.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 804| 02-Dec-2006| 05:39| Not applicable \nManifest.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 1,871| 02-Dec-2006| 09:14| Not applicable \nMsvcm80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 516,096| 02-Dec-2006| 05:37| Not applicable \nMsvcp80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 1,061,376| 02-Dec-2006| 05:39| Not applicable \nMsvcr80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 796,672| 02-Dec-2006| 05:36| Not applicable \nUl_catalog.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nUl_catalog.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nUl_manifest.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 804| 02-Dec-2006| 05:39| Not applicable \nUl_manifest.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 1,871| 02-Dec-2006| 09:14| Not applicable \nUl_msvcm80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 516,096| 02-Dec-2006| 05:37| Not applicable \nUl_msvcp80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 1,061,376| 02-Dec-2006| 05:39| Not applicable \nUl_msvcr80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 796,672| 02-Dec-2006| 05:36| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Live Meeting Add-in: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025869", "href": "https://support.microsoft.com/en-us/help/4025869", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:21", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4025865>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025865 for the 32-bit version of Lync 2010](<http://www.microsoft.com/download/details.aspx?familyid=f145b833-309f-49c6-b664-4155a216150d>)\n * [Download the security update KB4025865 for the 64-bit version of Lync 2010](<http://www.microsoft.com/download/details.aspx?familyid=31ce5e7d-19cf-4838-9c30-791f4cdff4ce>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020732](<http://support.microsoft.com/kb/4020732>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \n(X64) Lync.msp| E5482FB57932ED642B0D4EDF745A8D741D639675| 2AA0B6380D65529FE3DFFF61B6E96375326C761013C7DDC0416EB2D004B5422A \n(x86) Lync.msp| 46C2AB221B859F4EE5C183307EF37EDBE46E80E3| F16D716E7E84963898AAD108B35913B73EA9AC73D26784CE4DBA3243653ABDDC \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nAutohelper| 4.0.7577.253| 38,672| 31-Mar-2011| 08:45| Not applicable \nCommunicatorexe| 4.0.7577.4540| 12,120,104| 15-Aug-2017| 20:48| x86 \nCrecplayerresexe| 4.0.7577.4403| 600,224| 20-Jul-2013| 01:04| x86 \nFile_communicator.exe.manifest| Not applicable| 1,185| 23-Mar-2013| 03:08| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxoc| 4.0.7577.4540| 52,784| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginoc.dll| 4.0.7577.4540| 33,336| 15-Aug-2017| 20:46| x86 \nFile_ucaddin.dll| 4.0.7577.4445| 910,632| 14-Apr-2014| 21:09| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcpubmgrexe| 4.0.7577.4403| 2,371,744| 20-Jul-2013| 01:05| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPlayback_annotationcontrols_dll| 4.0.7577.4087| 340,840| 25-Mar-2012| 02:42| x86 \nPlayback_annotationtextmerge_dll| 4.0.7577.4087| 172,840| 25-Mar-2012| 02:42| x86 \nPlayback_coreplaybackengine_dll| 4.0.7577.4087| 1,358,632| 25-Mar-2012| 02:40| x86 \nPlayback_logging_dll| 4.0.7577.4087| 167,768| 25-Mar-2012| 02:42| x86 \nPlayback_oc3playbackapplication_dll| 4.0.7577.4087| 163,632| 25-Mar-2012| 02:42| x86 \nPlayback_uc_ui_utilities_dll| 4.0.7577.4087| 166,232| 25-Mar-2012| 02:42| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nUcmapiexe| 4.0.7577.4409| 648,344| 25-Sep-2013| 20:01| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \nFor all supported x64-based versions of Lync 2010File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nAutohelper| 4.0.7577.253| 38,672| 31-Mar-2011| 08:45| Not applicable \nCommunicatorexe| 4.0.7577.4540| 12,120,104| 15-Aug-2017| 20:48| x86 \nCrecplayerresexe| 4.0.7577.4403| 600,224| 20-Jul-2013| 01:04| x86 \nFile_communicator.exe.manifest| Not applicable| 1,185| 23-Mar-2013| 03:08| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxoc| 4.0.7577.4540| 52,784| 15-Aug-2017| 20:46| Not applicable \nFile_meetingjoinaxoc64| 4.0.7577.4540| 295,472| 15-Aug-2017| 23:34| Not applicable \nFile_npmeetingjoinpluginoc.dll| 4.0.7577.4540| 33,336| 15-Aug-2017| 20:46| x86 \nFile_ucaddin.dll| 4.0.7577.4445| 910,632| 14-Apr-2014| 21:09| x86 \nFile_x64_ucaddin.dll| 4.0.7577.4445| 1,514,288| 14-Apr-2014| 22:16| x64 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcpubmgrexe| 4.0.7577.4403| 2,371,744| 20-Jul-2013| 01:05| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPlayback_annotationcontrols_dll| 4.0.7577.4087| 340,840| 25-Mar-2012| 02:42| x86 \nPlayback_annotationtextmerge_dll| 4.0.7577.4087| 172,840| 25-Mar-2012| 02:42| x86 \nPlayback_coreplaybackengine_dll| 4.0.7577.4087| 1,358,632| 25-Mar-2012| 02:40| x86 \nPlayback_logging_dll| 4.0.7577.4087| 167,768| 25-Mar-2012| 02:42| x86 \nPlayback_oc3playbackapplication_dll| 4.0.7577.4087| 163,632| 25-Mar-2012| 02:42| x86 \nPlayback_uc_ui_utilities_dll| 4.0.7577.4087| 166,232| 25-Mar-2012| 02:42| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nUcmapi64exe| 4.0.7577.4409| 2,458,264| 25-Sep-2013| 21:08| x64 \nUcmapiexe| 4.0.7577.4409| 648,344| 25-Sep-2013| 20:01| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025865", "href": "https://support.microsoft.com/en-us/help/4025865", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:23", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 Attendee (admin level install) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4025866>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025866 for the 32-bit version of Lync 2010 Attendee (admin level install)](<http://www.microsoft.com/download/details.aspx?familyid=8e4ef5f4-f86d-4a70-b315-53d5eb596e1c>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020733](<http://support.microsoft.com/kb/4020733>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nAttendeeAdmin.msp| 2369D80D25E37EB9C32ACFDD975742EB363A7B6F| 38C29A32042A054FE94441CC81BD9DC620905DAC77C4CF8F027D4C19F42431C3 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010 Attendee (admin level install)| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nFile_attendeecommunicator.exe.manifest| Not applicable| 1,193| 24-May-2013| 05:22| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxaoc| 4.0.7577.4540| 52,800| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginaoc.dll| 4.0.7577.4540| 33,360| 15-Aug-2017| 20:46| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPrivacystatement.rtf| Not applicable| 47| 01-Apr-2011| 07:44| Not applicable \nProgramexe| 4.0.7577.4540| 12,008,520| 15-Aug-2017| 20:47| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010 Attendee (admin level install): September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025866", "href": "https://support.microsoft.com/en-us/help/4025866", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:53", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Skype for Business 2016 installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issues: \n\n\n * Makes sure that announce events for toasts do not use MenuOpened in Skype for Business 2016\n * Skype for Business 2016 does not display the title or department in the search results when the title field is empty in AD\n * Sign-in delay in Skype for Business 2016 when the client uses a direct connection\n * Unread messages in persistent chat rooms are marked as read when you click the IM conversation tabs in Skype for Business 2016\n * Security issues when trying to connect to the \u201cskypeforbusiness.us\u201d domain in Skype for Business 2016\n\n## Known issues\n\nAfter you install this update, Skype for Business 2016 may crash when you click an incoming IM or call toast by using a screen reader. To fix this issue, install either of the following updates:\n\n * August 1, 2017, update for Office 2016 (KB3203472)\n * September 5, 2017, update for Office 2016 (KB4011099)\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011040>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011040 for the 32-bit version of Skype for Business 2016](<http://www.microsoft.com/download/details.aspx?familyid=f9b16fc9-d311-4e89-b8ca-1c8885488b06>)\n * [Download the security update KB4011040 for the 64-bit version of Skype for Business 2016](<http://www.microsoft.com/download/details.aspx?familyid=71a1182f-d498-45ca-a827-6aa17147f22d>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### Prerequisites\n\nTo apply this security update, you must have either of the following updates installed: [3203472](<https://support.microsoft.com/help/3203472>) August 1, 2017, update for Office 2016 (KB3203472)[4011099](<https://support.microsoft.com/help/4011099>) September 5, 2017, update for Office 2016 (KB4011099)\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nlync2016-kb4011040-fullfile-x64-glb.exe| 32C0712A18F2C2868889C0C58A0BC984423788F2| DB9C94BEBF2761B9D4B368643AE73EEDBA8A1323D1788C1B93C8A290EC0D6132 \nlync2016-kb4011040-fullfile-x86-glb.exe| 0A13C3DDD0778EB368318A0D871EEF8C287E9924| EB1CD31DF6A93DE77F1E97EC901019D91241E711CB2480B40D5A34C2280D8B75 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Skype for Business 2016| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nlync.lyncdesktopresour.dll.x86.1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| | \nlync.lyncdesktopresour.dll_1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1025| ocapires.dll| 16.0.4483.1000| 72400| | \nlync.ocapires.dll_1025| ocapires.dll| 16.0.4483.1000| 72400| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1025| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1025| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1026| ocapires.dll| 16.0.4483.1000| 73408| | \nlync.ocapires.dll_1026| ocapires.dll| 16.0.4483.1000| 73408| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1026| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_1026| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1026| uccapires.dll| 16.0.4522.1000| 1295040| | \nlync.uccapires.dll_1026| uccapires.dll| 16.0.4522.1000| 1295040| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| | \nlync.lyncdesktopresour.dll_1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1029| ocapires.dll| 16.0.4483.1000| 79040| | \nlync.ocapires.dll_1029| ocapires.dll| 16.0.4483.1000| 79040| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1029| ocpubres.dll| 16.0.4483.1000| 1511616| | \nlync.ocpubres.dll_1029| ocpubres.dll| 16.0.4483.1000| 1511616| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1029| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1029| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1030| lyncdesktopresources.dll| 16.0.4588.1000| 358096| | \nlync.lyncdesktopresour.dll_1030| lyncdesktopresources.dll| 16.0.4588.1000| 358096| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1030| ocapires.dll| 16.0.4471.1000| 71368| | \nlync.ocapires.dll_1030| ocapires.dll| 16.0.4471.1000| 71368| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1030| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1030| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1030| uccapires.dll| 16.0.4516.1000| 1294536| | \nlync.uccapires.dll_1030| uccapires.dll| 16.0.4516.1000| 1294536| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| | \nlync.lyncdesktopresour.dll_1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1031| ocapires.dll| 16.0.4534.1000| 78536| | \nlync.ocapires.dll_1031| ocapires.dll| 16.0.4534.1000| 78536| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1031| ucaddinres.dll| 16.0.4573.1000| 183496| | \nlync.ucaddinres.dll_1031| ucaddinres.dll| 16.0.4573.1000| 183496| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| | \nlync.lyncdesktopresour.dll_1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1032| ocapires.dll| 16.0.4483.1000| 78528| | \nlync.ocapires.dll_1032| ocapires.dll| 16.0.4483.1000| 78528| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1032| ucaddinres.dll| 16.0.4561.1000| 181960| | \nlync.ucaddinres.dll_1032| ucaddinres.dll| 16.0.4561.1000| 181960| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| | \nlync.lyncdesktopresour.dll_3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.3082| ocapires.dll| 16.0.4483.1000| 74440| | \nlync.ocapires.dll_3082| ocapires.dll| 16.0.4483.1000| 74440| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.3082| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_3082| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.3082| uccapires.dll| 16.0.4522.1000| 1296584| | \nlync.uccapires.dll_3082| uccapires.dll| 16.0.4522.1000| 1296584| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1061| ocapires.dll| 16.0.4522.1000| 70344| | \nlync.ocapires.dll_1061| ocapires.dll| 16.0.4522.1000| 70344| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1061| ocpubres.dll| 16.0.4522.1000| 1510600| | \nlync.ocpubres.dll_1061| ocpubres.dll| 16.0.4522.1000| 1510600| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1061| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1061| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1035| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1035| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1035| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1035| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1035| ocpubres.dll| 16.0.4522.1000| 1512136| | \nlync.ocpubres.dll_1035| ocpubres.dll| 16.0.4522.1000| 1512136| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1035| ucaddinres.dll| 16.0.4561.1000| 178384| | \nlync.ucaddinres.dll_1035| ucaddinres.dll| 16.0.4561.1000| 178384| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1035| uccapires.dll| 16.0.4534.1000| 1294536| | \nlync.uccapires.dll_1035| uccapires.dll| 16.0.4534.1000| 1294536| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| | \nlync.lyncdesktopresour.dll_1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1036| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1036| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1036| ucaddinres.dll| 16.0.4561.1000| 182976| | \nlync.ucaddinres.dll_1036| ucaddinres.dll| 16.0.4561.1000| 182976| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| | \nlync.lyncdesktopresour.dll_1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1037| ocapires.dll| 16.0.4483.1000| 65736| | \nlync.ocapires.dll_1037| ocapires.dll| 16.0.4483.1000| 65736| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1037| ucaddinres.dll| 16.0.4561.1000| 172744| | \nlync.ucaddinres.dll_1037| ucaddinres.dll| 16.0.4561.1000| 172744| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| | \nlync.lyncdesktopresour.dll_1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1081| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1081| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1081| ucaddinres.dll| 16.0.4561.1000| 178888| | \nlync.ucaddinres.dll_1081| ucaddinres.dll| 16.0.4561.1000| 178888| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| | \nlync.lyncdesktopresour.dll_1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1050| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1050| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1050| ocpubres.dll| 16.0.4498.1000| 1512128| | \nlync.ocpubres.dll_1050| ocpubres.dll| 16.0.4498.1000| 1512128| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1050| ucaddinres.dll| 16.0.4561.1000| 180416| | \nlync.ucaddinres.dll_1050| ucaddinres.dll| 16.0.4561.1000| 180416| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1050| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1050| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1038| lyncdesktopresources.dll| 16.0.4588.1000| 386776| | \nlync.lyncdesktopresour.dll_1038| lyncdesktopresources.dll| 16.0.4588.1000| 386776| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1038| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1038| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1038| ocpubres.dll| 16.0.4534.1000| 1513168| | \nlync.ocpubres.dll_1038| ocpubres.dll| 16.0.4534.1000| 1513168| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1038| ucaddinres.dll| 16.0.4561.1000| 180944| | \nlync.ucaddinres.dll_1038| ucaddinres.dll| 16.0.4561.1000| 180944| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| | \nlync.lyncdesktopresour.dll_1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1057| ocapires.dll| 16.0.4483.1000| 70352| | \nlync.ocapires.dll_1057| ocapires.dll| 16.0.4483.1000| 70352| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1057| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1057| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| | \nlync.lyncdesktopresour.dll_1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1040| ocapires.dll| 16.0.4483.1000| 71880| | \nlync.ocapires.dll_1040| ocapires.dll| 16.0.4483.1000| 71880| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1040| ucaddinres.dll| 16.0.4561.1000| 180424| | \nlync.ucaddinres.dll_1040| ucaddinres.dll| 16.0.4561.1000| 180424| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1041| lyncdesktopresources.dll| 16.0.4588.1000| 369352| | \nlync.lyncdesktopresour.dll_1041| lyncdesktopresources.dll| 16.0.4588.1000| 369352| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1041| ocapires.dll| 16.0.4483.1000| 74448| | \nlync.ocapires.dll_1041| ocapires.dll| 16.0.4483.1000| 74448| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1041| ucaddinres.dll| 16.0.4561.1000| 167632| | \nlync.ucaddinres.dll_1041| ucaddinres.dll| 16.0.4561.1000| 167632| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1087| lyncdesktopresources.dll| 16.0.4588.1000| 391360| | \nlync.lyncdesktopresour.dll_1087| lyncdesktopresources.dll| 16.0.4588.1000| 391360| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1087| ocapires.dll| 16.0.4483.1000| 82632| | \nlync.ocapires.dll_1087| ocapires.dll| 16.0.4483.1000| 82632| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1087| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1087| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1087| uccapires.dll| 16.0.4522.1000| 1294528| | \nlync.uccapires.dll_1087| uccapires.dll| 16.0.4522.1000| 1294528| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| | \nlync.lyncdesktopresour.dll_1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1042| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1042| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1042| ucaddinres.dll| 16.0.4561.1000| 167112| | \nlync.ucaddinres.dll_1042| ucaddinres.dll| 16.0.4561.1000| 167112| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| | \nlync.lyncdesktopresour.dll_1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1063| ocapires.dll| 16.0.4483.1000| 74424| | \nlync.ocapires.dll_1063| ocapires.dll| 16.0.4483.1000| 74424| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1063| ocpubres.dll| 16.0.4483.1000| 1511608| | \nlync.ocpubres.dll_1063| ocpubres.dll| 16.0.4483.1000| 1511608| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1063| ucaddinres.dll| 16.0.4561.1000| 179384| | \nlync.ucaddinres.dll_1063| ucaddinres.dll| 16.0.4561.1000| 179384| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1062| lyncdesktopresources.dll| 16.0.4588.1000| 370360| | \nlync.lyncdesktopresour.dll_1062| lyncdesktopresources.dll| 16.0.4588.1000| 370360| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1062| ocapires.dll| 16.0.4534.1000| 74928| | \nlync.ocapires.dll_1062| ocapires.dll| 16.0.4534.1000| 74928| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1062| ocpubres.dll| 16.0.4534.1000| 1512112| | \nlync.ocpubres.dll_1062| ocpubres.dll| 16.0.4534.1000| 1512112| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1062| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1062| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1062| uccapires.dll| 16.0.4534.1000| 1295032| | \nlync.uccapires.dll_1062| uccapires.dll| 16.0.4534.1000| 1295032| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1086| lyncdesktopresources.dll| 16.0.4588.1000| 360144| | \nlync.lyncdesktopresour.dll_1086| lyncdesktopresources.dll| 16.0.4588.1000| 360144| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1086| ocapires.dll| 16.0.4483.1000| 71368| | \nlync.ocapires.dll_1086| ocapires.dll| 16.0.4483.1000| 71368| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1086| ocpubres.dll| 16.0.4324.1000| 1511632| | \nlync.ocpubres.dll_1086| ocpubres.dll| 16.0.4324.1000| 1511632| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1086| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1086| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1044| lyncdesktopresources.dll| 16.0.4588.1000| 352456| | \nlync.lyncdesktopresour.dll_1044| lyncdesktopresources.dll| 16.0.4588.1000| 352456| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1044| ocapires.dll| 16.0.4483.1000| 70864| | \nlync.ocapires.dll_1044| ocapires.dll| 16.0.4483.1000| 70864| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1044| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1044| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| | \nlync.lyncdesktopresour.dll_1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1043| ocapires.dll| 16.0.4516.1000| 74456| | \nlync.ocapires.dll_1043| ocapires.dll| 16.0.4516.1000| 74456| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1043| ucaddinres.dll| 16.0.4561.1000| 180952| | \nlync.ucaddinres.dll_1043| ucaddinres.dll| 16.0.4561.1000| 180952| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1045| lyncdesktopresources.dll| 16.0.4588.1000| 382136| | \nlync.lyncdesktopresour.dll_1045| lyncdesktopresources.dll| 16.0.4588.1000| 382136| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1045| ocapires.dll| 16.0.4483.1000| 79544| | \nlync.ocapires.dll_1045| ocapires.dll| 16.0.4483.1000| 79544| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1045| ocpubres.dll| 16.0.4483.1000| 1514176| | \nlync.ocpubres.dll_1045| ocpubres.dll| 16.0.4483.1000| 1514176| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1045| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1045| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| | \nlync.lyncdesktopresour.dll_1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1046| ocapires.dll| 16.0.4534.1000| 72912| | \nlync.ocapires.dll_1046| ocapires.dll| 16.0.4534.1000| 72912| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1046| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1046| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| | \nlync.lyncdesktopresour.dll_2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.2070| ocapires.dll| 16.0.4483.1000| 73424| | \nlync.ocapires.dll_2070| ocapires.dll| 16.0.4483.1000| 73424| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2070| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_2070| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| | \nlync.lyncdesktopresour.dll_1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1048| ocapires.dll| 16.0.4483.1000| 80592| | \nlync.ocapires.dll_1048| ocapires.dll| 16.0.4483.1000| 80592| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1048| ocpubres.dll| 16.0.4534.1000| 1514696| | \nlync.ocpubres.dll_1048| ocpubres.dll| 16.0.4534.1000| 1514696| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1048| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_1048| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1049| ocapires.dll| 16.0.4471.1000| 75968| | \nlync.ocapires.dll_1049| ocapires.dll| 16.0.4471.1000| 75968| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1049| ocpubres.dll| 16.0.4549.1000| 1512136| | \nlync.ocpubres.dll_1049| ocpubres.dll| 16.0.4549.1000| 1512136| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1049| ucaddinres.dll| 16.0.4561.1000| 179904| | \nlync.ucaddinres.dll_1049| ucaddinres.dll| 16.0.4561.1000| 179904| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1049| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1049| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1051| lyncdesktopresources.dll| 16.0.4588.1000| 385224| | \nlync.lyncdesktopresour.dll_1051| lyncdesktopresources.dll| 16.0.4588.1000| 385224| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1051| ocapires.dll| 16.0.4483.1000| 79056| | \nlync.ocapires.dll_1051| ocapires.dll| 16.0.4483.1000| 79056| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1051| ocpubres.dll| 16.0.4483.1000| 1512144| | \nlync.ocpubres.dll_1051| ocpubres.dll| 16.0.4483.1000| 1512144| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1051| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1051| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1051| uccapires.dll| 16.0.4522.1000| 1295560| | \nlync.uccapires.dll_1051| uccapires.dll| 16.0.4522.1000| 1295560| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| | \nlync.lyncdesktopresour.dll_1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1060| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1060| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1060| ocpubres.dll| 16.0.4483.1000| 1512136| | \nlync.ocpubres.dll_1060| ocpubres.dll| 16.0.4483.1000| 1512136| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1060| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1060| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| | \nlync.lyncdesktopresour.dll_2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2074| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_2074| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.9242| lyncdesktopresources.dll| 16.0.4588.1000| 365248| | \nlync.lyncdesktopresour.dll_9242| lyncdesktopresources.dll| 16.0.4588.1000| 365248| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.9242| ocapires.dll| 16.0.4483.1000| 73400| | \nlync.ocapires.dll_9242| ocapires.dll| 16.0.4483.1000| 73400| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.9242| ucaddinres.dll| 16.0.4561.1000| 178360| | \nlync.ucaddinres.dll_9242| ucaddinres.dll| 16.0.4561.1000| 178360| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| | \nlync.lyncdesktopresour.dll_1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1053| ocapires.dll| 16.0.4483.1000| 71360| | \nlync.ocapires.dll_1053| ocapires.dll| 16.0.4483.1000| 71360| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1053| ocpubres.dll| 16.0.4522.1000| 1512640| | \nlync.ocpubres.dll_1053| ocpubres.dll| 16.0.4522.1000| 1512640| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1053| ucaddinres.dll| 16.0.4561.1000| 177856| | \nlync.ucaddinres.dll_1053| ucaddinres.dll| 16.0.4561.1000| 177856| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1054| lyncdesktopresources.dll| 16.0.4588.1000| 369864| | \nlync.lyncdesktopresour.dll_1054| lyncdesktopresources.dll| 16.0.4588.1000| 369864| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1054| ocapires.dll| 16.0.4483.1000| 74952| | \nlync.ocapires.dll_1054| ocapires.dll| 16.0.4483.1000| 74952| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1054| ocpubres.dll| 16.0.4483.1000| 1509576| | \nlync.ocpubres.dll_1054| ocpubres.dll| 16.0.4483.1000| 1509576| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1054| ucaddinres.dll| 16.0.4561.1000| 176840| | \nlync.ucaddinres.dll_1054| ucaddinres.dll| 16.0.4561.1000| 176840| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1055| lyncdesktopresources.dll| 16.0.4588.1000| 377528| | \nlync.lyncdesktopresour.dll_1055| lyncdesktopresources.dll| 16.0.4588.1000| 377528| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1055| ocapires.dll| 16.0.4471.1000| 77496| | \nlync.ocapires.dll_1055| ocapires.dll| 16.0.4471.1000| 77496| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1055| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1055| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| | \nlync.lyncdesktopresour.dll_1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1058| ocapires.dll| 16.0.4471.1000| 76992| | \nlync.ocapires.dll_1058| ocapires.dll| 16.0.4471.1000| 76992| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1058| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1058| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1058| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1058| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1066| lyncdesktopresources.dll| 16.0.4588.1000| 393936| | \nlync.lyncdesktopresour.dll_1066| lyncdesktopresources.dll| 16.0.4588.1000| 393936| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1066| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1066| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1066| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1066| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| | \nlync.lyncdesktopresour.dll_2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.2052| ocapires.dll| 16.0.4516.1000| 66768| | \nlync.ocapires.dll_2052| ocapires.dll| 16.0.4516.1000| 66768| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.2052| ocpubres.dll| 16.0.4483.1000| 1496272| | \nlync.ocpubres.dll_2052| ocpubres.dll| 16.0.4483.1000| 1496272| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2052| ucaddinres.dll| 16.0.4561.1000| 164048| | \nlync.ucaddinres.dll_2052| ucaddinres.dll| 16.0.4561.1000| 164048| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| | \nlync.lyncdesktopresour.dll_1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1028| ocapires.dll| 16.0.4483.1000| 66760| | \nlync.ocapires.dll_1028| ocapires.dll| 16.0.4483.1000| 66760| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1028| ucaddinres.dll| 16.0.4561.1000| 164032| | \nlync.ucaddinres.dll_1028| ucaddinres.dll| 16.0.4561.1000| 164032| 24-Aug-17| 04:59 \nlync.appsharinghookcontroller64.exe.x64| appsharinghookcontroller64.exe| 16.0.4480.1000| 48336| 24-Aug-17| 04:53 \nlync.lyncdesktopresour.dll.x86.1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| | \nlync.lyncdesktopresour.dll_1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| 24-Aug-17| 04:51 \nlync.ocapires.dll.x86.1033| ocapires.dll| 16.0.4462.1000| 68816| | \nlync.ocapires.dll_1033| ocapires.dll| 16.0.4462.1000| 68816| 24-Aug-17| 04:51 \nlync.ocpubres.dll.x86.1033| ocpubres.dll| 16.0.4462.1000| 1510088| | \nlync.ocpubres.dll_1033| ocpubres.dll| 16.0.4462.1000| 1510088| 24-Aug-17| 04:51 \nlync.ucaddinres.dll.x86.1033| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1033| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:51 \nlync.appsharinghookcontroller.exe.x86| appsharinghookcontroller.exe| 16.0.4432.1000| 42704| 24-Aug-17| 04:52 \nlync.appsharingmediapr.dll| appsharingmediaprovider.dll| 16.0.4534.1000| 118984| 24-Aug-17| 04:52 \nautohelper.dll| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:52 \nautohelper.dll.x86| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:59 \nlync.lync.exe| lync.exe| 16.0.4588.1000| 22588624| 24-Aug-17| 04:52 \nlync.man| lync.exe.manifest| | 3278| 24-Aug-17| 04:52 \nlync.lync99.exe| lync99.exe| 16.0.4585.1000| 736464| 24-Aug-17| 04:52 \nlync.lyncdesktopsmartbitmapresources.dll| lyncdesktopsmartbitmapresources.dll| | 39311040| 24-Aug-17| 04:52 \nlync.lyncdesktopviewmo.dll| lyncdesktopviewmodel.dll| 16.0.4585.1000| 11690192| 24-Aug-17| 04:52 \nlync.lyncmodelproxy.dll| lyncmodelproxy.dll| 16.0.4582.1000| 1731792| 24-Aug-17| 04:52 \nlync.meetingjoinaxoc.dll| meetingjoinaxoc.dll| 16.0.4480.1000| 78536| 24-Aug-17| 04:52 \nlync.meetingjoinaxoc.dll.x86| meetingjoinaxoc.dll| 16.0.4480.1000| 78536| | \nlync.npmeetingjoinpluginoc.dll.x86| npmeetingjoinpluginoc.dll| 16.0.4288.1000| 39192| 24-Aug-17| 04:52 \nlync.ochelper.dll| ochelper.dll| 16.0.4576.1000| 171208| 24-Aug-17| 04:52 \nlync.ochelper.dll.x86| ochelper.dll| 16.0.4576.1000| 171208| | \nlync.ocimport.dll| ocimport.dll| 16.0.4585.1000| 710920| 24-Aug-17| 04:52 \nlync.ocoffice.dll| ocoffice.dll| 16.0.4588.1000| 484560| 24-Aug-17| 04:52 \nlync.ocpubmgr.exe| ocpubmgr.exe| 16.0.4585.1000| 1555248| 24-Aug-17| 04:52 \nlync.ocrec.dll| ocrec.dll| 16.0.4585.1000| 616144| 24-Aug-17| 04:52 \nlync.psom.dll| psom.dll| 16.0.4585.1000| 969424| 24-Aug-17| 04:52 \nlync.mlmodel.zip| microsoft.lync.model.zip| | 86598| 24-Aug-17| 04:52 \nlync.uc.dll| uc.dll| 16.0.4585.1000| 27235656| 24-Aug-17| 04:52 \nlync.ucaddin.dll| ucaddin.dll| 16.0.4561.1000| 1049800| 24-Aug-17| 04:52 \nlync.uccapi.dll| uccapi.dll| 16.0.4585.1000| 6895368| 24-Aug-17| 04:52 \nlync.ucmapi.exe| ucmapi.exe| 16.0.4585.1000| 1075920| 24-Aug-17| 04:52 \nlync.win32msgqueue.dll| win32msgqueue.dll| 16.0.4585.1000| 87816| 24-Aug-17| 04:52 \nlync.e.propertymodel.dll| propertymodel.dll| 16.0.4288.1000| 886368| 24-Aug-17| 04:52 \nlync.propertymodelprox.dll| propertymodelproxy.dll| 16.0.4288.1000| 328896| 24-Aug-17| 04:52 \nlync.appshapi.dll| appshapi.dll| 5.0.8308.902| 2720552| 24-Aug-17| 04:52 \nlync.appshcom.dll| appshcom.dll| 5.0.8308.902| 296744| 24-Aug-17| 04:52 \nlync.appshvw.dll| appshvw.dll| 5.0.8308.902| 3000096| 24-Aug-17| 04:52 \nlync.rtmcodecs.dll| rtmcodecs.dll| 6.0.8953.268| 3441808| 24-Aug-17| 04:52 \nlync.rtmmediamanager.dll| rtmmediamanager.dll| 6.0.8953.268| 595600| 24-Aug-17| 04:52 \nlync.rtmmvras.dll| rtmmvras.dll| 6.0.8953.268| 70288| 24-Aug-17| 04:52 \nlync.rtmmvrcs.dll| rtmmvrcs.dll| 6.0.8953.268| 49296| 24-Aug-17| 04:52 \nlync.rtmmvrhw.dll| rtmmvrhw.dll| 6.0.8953.268| 65168| 24-Aug-17| 04:52 \nlync.rtmmvrsplitter.dll| rtmmvrsplitter.dll| 6.0.8953.268| 36496| 24-Aug-17| 04:52 \nlync.rtmpal.dll| rtmpal.dll| 6.0.8953.268| 2337424| 24-Aug-17| 04:52 \nlync.rtmpltfm.dll| rtmpltfm.dll| 6.0.8953.268| 7942800| 24-Aug-17| 04:52 \nlync.vc1decodermftdll.dll| rtmvc1decmft.dll| 6.0.8953.268| 344720| 24-Aug-17| 04:52 \nlync.ssscreenvvs.dll| ssscreenvvs.dll| 6.0.8953.268| 119952| 24-Aug-17| 04:52 \nlync.ocintldate.dll| ocintldate.dll| 6.0.8939.40| 84672| 24-Aug-17| 04:52 \nlync.ocmsptls.dll| ocmsptls.dll| 6.0.8939.40| 843960| 24-Aug-17| 04:52 \nlync.ocogl.dll| ocogl.dll| 6.0.8939.40| 1733288| 24-Aug-17| 04:52 \nlync.ocpptview.dll| ocpptview.dll| 6.0.8939.40| 1929400| 24-Aug-17| 04:52 \nlync.ocppvwintl.dll| ocppvwintl.dll| 6.0.8939.40| 350392| 24-Aug-17| 04:52 \nlync.ocsaext.dll| ocsaext.dll| 6.0.8939.40| 325808| 24-Aug-17| 04:52 \nlync.lynchtmlconv.exe| lynchtmlconv.exe| 16.0.4588.1000| 9327816| 24-Aug-17| 04:52 \nFor all supported x64-based versions of Skype for Business 2016File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nlync.lyncdesktopresour.dll.x64.1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| | \nlync.lyncdesktopresour.dll_1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1025| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1025| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1025| ucaddinres.dll| 16.0.4561.1000| 175824| | \nlync.ucaddinres.dll_1025| ucaddinres.dll| 16.0.4561.1000| 175824| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1026| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1026| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1026| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1026| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1026| uccapires.dll| 16.0.4522.1000| 1295040| | \nlync.uccapires.dll_1026| uccapires.dll| 16.0.4522.1000| 1295040| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| | \nlync.lyncdesktopresour.dll_1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1029| ocapires.dll| 16.0.4483.1000| 79040| | \nlync.ocapires.dll_1029| ocapires.dll| 16.0.4483.1000| 79040| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1029| ocpubres.dll| 16.0.4483.1000| 1514176| | \nlync.ocpubres.dll_1029| ocpubres.dll| 16.0.4483.1000| 1514176| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1029| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1029| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1030| lyncdesktopresources.dll| 16.0.4588.1000| 358088| | \nlync.lyncdesktopresour.dll_1030| lyncdesktopresources.dll| 16.0.4588.1000| 358088| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1030| ocapires.dll| 16.0.4471.1000| 71368| | \nlync.ocapires.dll_1030| ocapires.dll| 16.0.4471.1000| 71368| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1030| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1030| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1030| uccapires.dll| 16.0.4516.1000| 1294536| | \nlync.uccapires.dll_1030| uccapires.dll| 16.0.4516.1000| 1294536| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| | \nlync.lyncdesktopresour.dll_1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1031| ocapires.dll| 16.0.4534.1000| 78536| | \nlync.ocapires.dll_1031| ocapires.dll| 16.0.4534.1000| 78536| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1031| ucaddinres.dll| 16.0.4573.1000| 183496| | \nlync.ucaddinres.dll_1031| ucaddinres.dll| 16.0.4573.1000| 183496| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| | \nlync.lyncdesktopresour.dll_1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1032| ocapires.dll| 16.0.4483.1000| 78536| | \nlync.ocapires.dll_1032| ocapires.dll| 16.0.4483.1000| 78536| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1032| ucaddinres.dll| 16.0.4561.1000| 181952| | \nlync.ucaddinres.dll_1032| ucaddinres.dll| 16.0.4561.1000| 181952| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| | \nlync.lyncdesktopresour.dll_3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.3082| ocapires.dll| 16.0.4483.1000| 74440| | \nlync.ocapires.dll_3082| ocapires.dll| 16.0.4483.1000| 74440| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.3082| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_3082| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.3082| uccapires.dll| 16.0.4522.1000| 1296584| | \nlync.uccapires.dll_3082| uccapires.dll| 16.0.4522.1000| 1296584| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1061| ocapires.dll| 16.0.4522.1000| 70344| | \nlync.ocapires.dll_1061| ocapires.dll| 16.0.4522.1000| 70344| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1061| ocpubres.dll| 16.0.4522.1000| 1513152| | \nlync.ocpubres.dll_1061| ocpubres.dll| 16.0.4522.1000| 1513152| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1061| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1061| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1035| lyncdesktopresources.dll| 16.0.4588.1000| 358608| | \nlync.lyncdesktopresour.dll_1035| lyncdesktopresources.dll| 16.0.4588.1000| 358608| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1035| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1035| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1035| ocpubres.dll| 16.0.4522.1000| 1514696| | \nlync.ocpubres.dll_1035| ocpubres.dll| 16.0.4522.1000| 1514696| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1035| ucaddinres.dll| 16.0.4561.1000| 178384| | \nlync.ucaddinres.dll_1035| ucaddinres.dll| 16.0.4561.1000| 178384| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1035| uccapires.dll| 16.0.4534.1000| 1294544| | \nlync.uccapires.dll_1035| uccapires.dll| 16.0.4534.1000| 1294544| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| | \nlync.lyncdesktopresour.dll_1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1036| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1036| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1036| ucaddinres.dll| 16.0.4561.1000| 182976| | \nlync.ucaddinres.dll_1036| ucaddinres.dll| 16.0.4561.1000| 182976| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| | \nlync.lyncdesktopresour.dll_1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1037| ocapires.dll| 16.0.4483.1000| 65736| | \nlync.ocapires.dll_1037| ocapires.dll| 16.0.4483.1000| 65736| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1037| ucaddinres.dll| 16.0.4561.1000| 172744| | \nlync.ucaddinres.dll_1037| ucaddinres.dll| 16.0.4561.1000| 172744| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| | \nlync.lyncdesktopresour.dll_1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1081| ocapires.dll| 16.0.4483.1000| 81088| | \nlync.ocapires.dll_1081| ocapires.dll| 16.0.4483.1000| 81088| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1081| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1081| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| | \nlync.lyncdesktopresour.dll_1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1050| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1050| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1050| ocpubres.dll| 16.0.4498.1000| 1514688| | \nlync.ocpubres.dll_1050| ocpubres.dll| 16.0.4498.1000| 1514688| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1050| ucaddinres.dll| 16.0.4561.1000| 180408| | \nlync.ucaddinres.dll_1050| ucaddinres.dll| 16.0.4561.1000| 180408| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1050| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1050| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1038| lyncdesktopresources.dll| 16.0.4588.1000| 386768| | \nlync.lyncdesktopresour.dll_1038| lyncdesktopresources.dll| 16.0.4588.1000| 386768| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1038| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1038| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1038| ocpubres.dll| 16.0.4534.1000| 1515728| | \nlync.ocpubres.dll_1038| ocpubres.dll| 16.0.4534.1000| 1515728| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1038| ucaddinres.dll| 16.0.4561.1000| 180944| | \nlync.ucaddinres.dll_1038| ucaddinres.dll| 16.0.4561.1000| 180944| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| | \nlync.lyncdesktopresour.dll_1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1057| ocapires.dll| 16.0.4483.1000| 70352| | \nlync.ocapires.dll_1057| ocapires.dll| 16.0.4483.1000| 70352| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1057| ucaddinres.dll| 16.0.4561.1000| 177872| | \nlync.ucaddinres.dll_1057| ucaddinres.dll| 16.0.4561.1000| 177872| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| | \nlync.lyncdesktopresour.dll_1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1040| ocapires.dll| 16.0.4483.1000| 71880| | \nlync.ocapires.dll_1040| ocapires.dll| 16.0.4483.1000| 71880| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1040| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_1040| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1041| lyncdesktopresources.dll| 16.0.4588.1000| 369360| | \nlync.lyncdesktopresour.dll_1041| lyncdesktopresources.dll| 16.0.4588.1000| 369360| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1041| ocapires.dll| 16.0.4483.1000| 74448| | \nlync.ocapires.dll_1041| ocapires.dll| 16.0.4483.1000| 74448| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1041| ucaddinres.dll| 16.0.4561.1000| 167632| | \nlync.ucaddinres.dll_1041| ucaddinres.dll| 16.0.4561.1000| 167632| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1087| lyncdesktopresources.dll| 16.0.4588.1000| 391368| | \nlync.lyncdesktopresour.dll_1087| lyncdesktopresources.dll| 16.0.4588.1000| 391368| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1087| ocapires.dll| 16.0.4483.1000| 82632| | \nlync.ocapires.dll_1087| ocapires.dll| 16.0.4483.1000| 82632| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1087| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1087| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1087| uccapires.dll| 16.0.4522.1000| 1294528| | \nlync.uccapires.dll_1087| uccapires.dll| 16.0.4522.1000| 1294528| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| | \nlync.lyncdesktopresour.dll_1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1042| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1042| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1042| ucaddinres.dll| 16.0.4561.1000| 167112| | \nlync.ucaddinres.dll_1042| ucaddinres.dll| 16.0.4561.1000| 167112| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| | \nlync.lyncdesktopresour.dll_1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1063| ocapires.dll| 16.0.4483.1000| 74424| | \nlync.ocapires.dll_1063| ocapires.dll| 16.0.4483.1000| 74424| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1063| ocpubres.dll| 16.0.4483.1000| 1514168| | \nlync.ocpubres.dll_1063| ocpubres.dll| 16.0.4483.1000| 1514168| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1063| ucaddinres.dll| 16.0.4561.1000| 179384| | \nlync.ucaddinres.dll_1063| ucaddinres.dll| 16.0.4561.1000| 179384| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1062| lyncdesktopresources.dll| 16.0.4588.1000| 370352| | \nlync.lyncdesktopresour.dll_1062| lyncdesktopresources.dll| 16.0.4588.1000| 370352| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1062| ocapires.dll| 16.0.4534.1000| 74928| | \nlync.ocapires.dll_1062| ocapires.dll| 16.0.4534.1000| 74928| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1062| ocpubres.dll| 16.0.4534.1000| 1514672| | \nlync.ocpubres.dll_1062| ocpubres.dll| 16.0.4534.1000| 1514672| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1062| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1062| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1062| uccapires.dll| 16.0.4534.1000| 1295024| | \nlync.uccapires.dll_1062| uccapires.dll| 16.0.4534.1000| 1295024| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1086| lyncdesktopresources.dll| 16.0.4588.1000| 360136| | \nlync.lyncdesktopresour.dll_1086| lyncdesktopresources.dll| 16.0.4588.1000| 360136| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1086| ocapires.dll| 16.0.4483.1000| 71368| | \nlync.ocapires.dll_1086| ocapires.dll| 16.0.4483.1000| 71368| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1086| ocpubres.dll| 16.0.4324.1000| 1514184| | \nlync.ocpubres.dll_1086| ocpubres.dll| 16.0.4324.1000| 1514184| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1086| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1086| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1044| lyncdesktopresources.dll| 16.0.4588.1000| 352464| | \nlync.lyncdesktopresour.dll_1044| lyncdesktopresources.dll| 16.0.4588.1000| 352464| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1044| ocapires.dll| 16.0.4483.1000| 70856| | \nlync.ocapires.dll_1044| ocapires.dll| 16.0.4483.1000| 70856| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1044| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1044| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| | \nlync.lyncdesktopresour.dll_1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1043| ocapires.dll| 16.0.4516.1000| 74456| | \nlync.ocapires.dll_1043| ocapires.dll| 16.0.4516.1000| 74456| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1043| ucaddinres.dll| 16.0.4561.1000| 180952| | \nlync.ucaddinres.dll_1043| ucaddinres.dll| 16.0.4561.1000| 180952| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1045| lyncdesktopresources.dll| 16.0.4588.1000| 382144| | \nlync.lyncdesktopresour.dll_1045| lyncdesktopresources.dll| 16.0.4588.1000| 382144| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1045| ocapires.dll| 16.0.4483.1000| 79552| | \nlync.ocapires.dll_1045| ocapires.dll| 16.0.4483.1000| 79552| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1045| ocpubres.dll| 16.0.4483.1000| 1516736| | \nlync.ocpubres.dll_1045| ocpubres.dll| 16.0.4483.1000| 1516736| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1045| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1045| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| | \nlync.lyncdesktopresour.dll_1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1046| ocapires.dll| 16.0.4534.1000| 72912| | \nlync.ocapires.dll_1046| ocapires.dll| 16.0.4534.1000| 72912| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1046| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1046| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| | \nlync.lyncdesktopresour.dll_2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.2070| ocapires.dll| 16.0.4483.1000| 73424| | \nlync.ocapires.dll_2070| ocapires.dll| 16.0.4483.1000| 73424| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2070| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_2070| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| | \nlync.lyncdesktopresour.dll_1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1048| ocapires.dll| 16.0.4483.1000| 80592| | \nlync.ocapires.dll_1048| ocapires.dll| 16.0.4483.1000| 80592| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1048| ocpubres.dll| 16.0.4534.1000| 1517264| | \nlync.ocpubres.dll_1048| ocpubres.dll| 16.0.4534.1000| 1517264| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1048| ucaddinres.dll| 16.0.4561.1000| 180424| | \nlync.ucaddinres.dll_1048| ucaddinres.dll| 16.0.4561.1000| 180424| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1049| ocapires.dll| 16.0.4471.1000| 75968| | \nlync.ocapires.dll_1049| ocapires.dll| 16.0.4471.1000| 75968| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1049| ocpubres.dll| 16.0.4549.1000| 1514696| | \nlync.ocpubres.dll_1049| ocpubres.dll| 16.0.4549.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1049| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1049| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1049| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1049| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1051| lyncdesktopresources.dll| 16.0.4588.1000| 385232| | \nlync.lyncdesktopresour.dll_1051| lyncdesktopresources.dll| 16.0.4588.1000| 385232| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1051| ocapires.dll| 16.0.4483.1000| 79056| | \nlync.ocapires.dll_1051| ocapires.dll| 16.0.4483.1000| 79056| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1051| ocpubres.dll| 16.0.4483.1000| 1514696| | \nlync.ocpubres.dll_1051| ocpubres.dll| 16.0.4483.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1051| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1051| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1051| uccapires.dll| 16.0.4522.1000| 1295560| | \nlync.uccapires.dll_1051| uccapires.dll| 16.0.4522.1000| 1295560| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| | \nlync.lyncdesktopresour.dll_1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1060| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1060| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1060| ocpubres.dll| 16.0.4483.1000| 1514696| | \nlync.ocpubres.dll_1060| ocpubres.dll| 16.0.4483.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1060| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1060| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| | \nlync.lyncdesktopresour.dll_2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2074| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_2074| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.9242| lyncdesktopresources.dll| 16.0.4588.1000| 365240| | \nlync.lyncdesktopresour.dll_9242| lyncdesktopresources.dll| 16.0.4588.1000| 365240| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.9242| ocapires.dll| 16.0.4483.1000| 73400| | \nlync.ocapires.dll_9242| ocapires.dll| 16.0.4483.1000| 73400| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.9242| ucaddinres.dll| 16.0.4561.1000| 178360| | \nlync.ucaddinres.dll_9242| ucaddinres.dll| 16.0.4561.1000| 178360| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| | \nlync.lyncdesktopresour.dll_1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1053| ocapires.dll| 16.0.4483.1000| 71360| | \nlync.ocapires.dll_1053| ocapires.dll| 16.0.4483.1000| 71360| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1053| ocpubres.dll| 16.0.4522.1000| 1515200| | \nlync.ocpubres.dll_1053| ocpubres.dll| 16.0.4522.1000| 1515200| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1053| ucaddinres.dll| 16.0.4561.1000| 177856| | \nlync.ucaddinres.dll_1053| ucaddinres.dll| 16.0.4561.1000| 177856| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1054| lyncdesktopresources.dll| 16.0.4588.1000| 369872| | \nlync.lyncdesktopresour.dll_1054| lyncdesktopresources.dll| 16.0.4588.1000| 369872| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1054| ocapires.dll| 16.0.4483.1000| 74960| | \nlync.ocapires.dll_1054| ocapires.dll| 16.0.4483.1000| 74960| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1054| ocpubres.dll| 16.0.4483.1000| 1512136| | \nlync.ocpubres.dll_1054| ocpubres.dll| 16.0.4483.1000| 1512136| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1054| ucaddinres.dll| 16.0.4561.1000| 176848| | \nlync.ucaddinres.dll_1054| ucaddinres.dll| 16.0.4561.1000| 176848| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1055| lyncdesktopresources.dll| 16.0.4588.1000| 377536| | \nlync.lyncdesktopresour.dll_1055| lyncdesktopresources.dll| 16.0.4588.1000| 377536| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1055| ocapires.dll| 16.0.4471.1000| 77496| | \nlync.ocapires.dll_1055| ocapires.dll| 16.0.4471.1000| 77496| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1055| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1055| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| | \nlync.lyncdesktopresour.dll_1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1058| ocapires.dll| 16.0.4471.1000| 76992| | \nlync.ocapires.dll_1058| ocapires.dll| 16.0.4471.1000| 76992| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1058| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1058| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1058| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1058| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1066| lyncdesktopresources.dll| 16.0.4588.1000| 393928| | \nlync.lyncdesktopresour.dll_1066| lyncdesktopresources.dll| 16.0.4588.1000| 393928| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1066| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1066| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1066| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1066| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| | \nlync.lyncdesktopresour.dll_2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.2052| ocapires.dll| 16.0.4516.1000| 66768| | \nlync.ocapires.dll_2052| ocapires.dll| 16.0.4516.1000| 66768| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.2052| ocpubres.dll| 16.0.4483.1000| 1498832| | \nlync.ocpubres.dll_2052| ocpubres.dll| 16.0.4483.1000| 1498832| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2052| ucaddinres.dll| 16.0.4561.1000| 164040| | \nlync.ucaddinres.dll_2052| ucaddinres.dll| 16.0.4561.1000| 164040| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| | \nlync.lyncdesktopresour.dll_1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1028| ocapires.dll| 16.0.4483.1000| 66752| | \nlync.ocapires.dll_1028| ocapires.dll| 16.0.4483.1000| 66752| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1028| ucaddinres.dll| 16.0.4561.1000| 164032| | \nlync.ucaddinres.dll_1028| ucaddinres.dll| 16.0.4561.1000| 164032| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| | \nlync.lyncdesktopresour.dll_1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| 24-Aug-17| 04:58 \nlync.ocapires.dll.x64.1033| ocapires.dll| 16.0.4462.1000| 68808| | \nlync.ocapires.dll_1033| ocapires.dll| 16.0.4462.1000| 68808| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x64.1033| ocpubres.dll| 16.0.4462.1000| 1512656| | \nlync.ocpubres.dll_1033| ocpubres.dll| 16.0.4462.1000| 1512656| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x64.1033| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1033| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:58 \nlync.appsharinghookcontroller64.exe.x64| appsharinghookcontroller64.exe| 16.0.4480.1000| 48336| 24-Aug-17| 04:53 \nlync.appsharingmediapr.dll| appsharingmediaprovider.dll| 16.0.4585.1000| 159440| 24-Aug-17| 04:59 \nautohelper.dll| autohelper.dll| 16.0.4582.1000| 107728| 24-Aug-17| 04:52 \nlync.lync.exe| lync.exe| 16.0.4588.1000| 27054800| 24-Aug-17| 04:59 \nlync.man| lync.exe.manifest| | 3278| 24-Aug-17| 04:59 \nlync.lync99.exe| lync99.exe| 16.0.4585.1000| 769744| 24-Aug-17| 04:59 \nlync.lyncdesktopsmartbitmapresources.dll| lyncdesktopsmartbitmapresources.dll| | 39311048| 24-Aug-17| 04:59 \nlync.lyncdesktopviewmo.dll| lyncdesktopviewmodel.dll| 16.0.4585.1000| 17263312| 24-Aug-17| 04:59 \nlync.lyncmodelproxy.dll| lyncmodelproxy.dll| 16.0.4582.1000| 2152656| 24-Aug-17| 04:59 \nlync.meetingjoinaxoc.dll| meetingjoinaxoc.dll| 16.0.4480.1000| 92880| 24-Aug-17| 04:59 \nlync.meetingjoinaxoc.dll.x64| meetingjoinaxoc.dll| 16.0.4480.1000| 92880| | \nlync.ochelper.dll| ochelper.dll| 16.0.4585.1000| 236752| 24-Aug-17| 04:59 \nlync.ochelper.dll.x64| ochelper.dll| 16.0.4585.1000| 236752| | \nlync.ocimport.dll| ocimport.dll| 16.0.4585.1000| 1070856| 24-Aug-17| 04:59 \nlync.ocoffice.dll| ocoffice.dll| 16.0.4588.1000| 648392| 24-Aug-17| 04:59 \nlync.ocpubmgr.exe| ocpubmgr.exe| 16.0.4585.1000| 1977136| 24-Aug-17| 04:59 \nlync.ocrec.dll| ocrec.dll| 16.0.4585.1000| 904400| 24-Aug-17| 04:59 \nlync.psom.dll| psom.dll| 16.0.4585.1000| 1389264| 24-Aug-17| 04:59 \nlync.mlmodel.zip| microsoft.lync.model.zip| | 86714| 24-Aug-17| 04:59 \nlync.uc.dll| uc.dll| 16.0.4585.1000| 39769928| 24-Aug-17| 04:59 \nlync.ucaddin.dll| ucaddin.dll| 16.0.4561.1000| 1484496| 24-Aug-17| 04:59 \nlync.uccapi.dll| uccapi.dll| 16.0.4585.1000| 10152712| 24-Aug-17| 04:59 \nlync.ucmapi.exe| ucmapi.exe| 16.0.4585.1000| 1299664| 24-Aug-17| 04:59 \nlync.win32msgqueue.dll| win32msgqueue.dll| 16.0.4585.1000| 105736| 24-Aug-17| 04:59 \nlync.appsharinghookcontroller.exe.x86| appsharinghookcontroller.exe| 16.0.4432.1000| 42704| 24-Aug-17| 04:52 \nautohelper.dll| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:52 \nautohelper.dll.x86| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:59 \nlync.npmeetingjoinpluginoc.dll.x86| npmeetingjoinpluginoc.dll| 16.0.4288.1000| 39192| 24-Aug-17| 04:52 \nf_propertymodel| propertymodel.dll| 16.0.4288.1000| 1361504| | \nlync.e.propertymodel.dll| propertymodel.dll| 16.0.4288.1000| 1361504| 24-Aug-17| 04:59 \nf_propertymodelproxy| propertymodelproxy.dll| 16.0.4288.1000| 494272| | \nlync.propertymodelprox.dll| propertymodelproxy.dll| 16.0.4288.1000| 494272| 24-Aug-17| 04:59 \nlync.appshapi.dll| appshapi.dll| 5.0.8308.902| 3197736| 24-Aug-17| 04:59 \nlync.appshcom.dll| appshcom.dll| 5.0.8308.902| 361256| 24-Aug-17| 04:59 \nlync.appshvw.dll| appshvw.dll| 5.0.8308.902| 3413800| 24-Aug-17| 04:59 \nlync.rtmcodecs.dll| rtmcodecs.dll| 6.0.8953.268| 3836560| 24-Aug-17| 04:59 \nlync.rtmmediamanager.dll| rtmmediamanager.dll| 6.0.8953.268| 784528| 24-Aug-17| 04:59 \nlync.rtmmvras.dll| rtmmvras.dll| 6.0.8953.268| 80528| 24-Aug-17| 04:59 \nlync.rtmmvrcs.dll| rtmmvrcs.dll| 6.0.8953.268| 56464| 24-Aug-17| 04:59 \nlync.rtmmvrhw.dll| rtmmvrhw.dll| 6.0.8953.268| 75408| 24-Aug-17| 04:59 \nlync.rtmmvrsplitter.dll| rtmmvrsplitter.dll| 6.0.8953.268| 42640| 24-Aug-17| 04:59 \nlync.rtmpal.dll| rtmpal.dll| 6.0.8953.268| 2973328| 24-Aug-17| 04:59 \nlync.rtmpltfm.dll| rtmpltfm.dll| 6.0.8953.268| 9369744| 24-Aug-17| 04:59 \nlync.vc1decodermftdll.dll| rtmvc1decmft.dll| 6.0.8953.268| 354448| 24-Aug-17| 04:59 \nlync.ssscreenvvs.dll| ssscreenvvs.dll| 6.0.8953.268| 156816| 24-Aug-17| 04:59 \nlync.ocintldate.dll| ocintldate.dll| 6.0.8939.40| 99008| 24-Aug-17| 04:59 \nlync.ocmsptls.dll| ocmsptls.dll| 6.0.8939.40| 1103032| 24-Aug-17| 04:59 \nlync.ocogl.dll| ocogl.dll| 6.0.8939.40| 2077352| 24-Aug-17| 04:59 \nlync.ocpptview.dll| ocpptview.dll| 6.0.8939.40| 2489528| 24-Aug-17| 04:59 \nlync.ocppvwintl.dll| ocppvwintl.dll| 6.0.8939.40| 350912| 24-Aug-17| 04:59 \nlync.ocsaext.dll| ocsaext.dll| 6.0.8939.40| 332976| 24-Aug-17| 04:59 \nlync.lynchtmlconv.exe| lynchtmlconv.exe| 16.0.4588.1000| 12027080| 24-Aug-17| 04:59 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Skype for Business 2016: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4011040", "href": "https://support.microsoft.com/en-us/help/4011040", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:15:50", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>) and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 1 for Microsoft Office Web Apps Server 2013](<http://support.microsoft.com/kb/2880558>) installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issue:\n\n * Improve the translation of the notification message when an operation takes longer than 10 seconds in Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213562>) website.\n\n### Method 2: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213562 for the 64-bit version of Office Web Apps Server 2013](<http://www.microsoft.com/download/details.aspx?familyid=2148c1a7-92ae-481b-9305-a9f2231ec46e>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nwacserver2013-kb3213562-fullfile-x64-glb.exe| A56B2443AE7317B2F4E34566B165803D3012C6D8| DDA2938E4216283630AD12033EC6D50842DA30CC1295A17D921C14825D26BC31 \n \n### File information\n\nFor the list of files that cumulative update 3213562 contains, download the [file information for update 3213562](<http://download.microsoft.com/download/f/f/d/ffd33910-893d-4d97-ace7-352a492762b7/3213562.csv>).\n\n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on SharePoint: [SharePoint User Voice portal](<http://sharepoint.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Web Apps Server 2013: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8742"], "modified": "2017-09-12T07:00:00", "id": "KB3213562", "href": "https://support.microsoft.com/en-us/help/3213562", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:33", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for SharePoint Server 2010 Office Web Apps](<http://support.microsoft.com/kb/2687470>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213632>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213632 for the 64-bit version of SharePoint Server 2010 Office Web Apps](<http://www.microsoft.com/download/details.aspx?familyid=4adf8370-4702-4957-9c56-0634f5f32dc1>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nwac2010-kb3213632-fullfile-x64-glb.exe| 0C7D7F509E2EF676F335FC6A4B8E420133DB102B| B78F6540596E6E94618C2D71381DED007C1E147E3D4AC6FC266648782CCDEFF8 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x64-based versions of SharePoint Server 2010 Office Web Apps| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nadmin.createeditwsapp.aspx| createeditwordserviceapp.aspx| | 6,045| 12-Feb-2013| 10:19 \nadmin.ovsconfig.aspx| ovsconfig.aspx| | 8,316| 12-Feb-2013| 10:19 \narialn.ttf| arialn.ttf| | 175,956| 02-Oct-2014| 07:03 \narialnb.ttf| arialnb.ttf| | 180,740| 02-Oct-2014| 07:03 \narialnbi.ttf| arialnbi.ttf| | 180,084| 02-Oct-2014| 07:03 \narialni.ttf| arialni.ttf| | 181,124| 02-Oct-2014| 07:03 \nbootedit.js| bootedit.js| | 841,280| 31-Jan-2014| 08:49 \nbootview.js| bootview.js| | 692,227| 01-Nov-2012| 07:56 \newa.js| ewa.js| | 760,645| 15-Mar-2017| 03:05 \ngetdata.ashx| | | 232| 08-Dec-2010| 08:02 \nmicrosoft.office.server.powerpoint.pipe.adjacency.thmx| | | 53,418| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.angles.thmx| | | 69,784| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.apex.thmx| | | 259,111| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.apothecary.thmx| | | 88,662| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.aspect.thmx| | | 68,069| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.austin.thmx| | | 95,803| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.blacktie.thmx| | | 655,107| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.calligraphy.thmx| | | 176,244| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.civic.thmx| | | 101,393| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.clarity.thmx| | | 67,060| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.composite.thmx| | | 568,653| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.concourse.thmx| | | 74,765| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.couture.thmx| | | 2,003,652| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.crane.thmx| | | 179,179| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.decatur.thmx| | | 156,954| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.dragon.thmx| | | 226,696| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.elemental.thmx| | | 349,663| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.equity.thmx| | | 69,473| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.essential.thmx| | | 49,784| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.executive.thmx| | | 55,112| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.fan.thmx| | | 165,690| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.flow.thmx| | | 65,704| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.foundry.thmx| | | 63,508| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.grace.thmx| | | 315,975| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.grid.thmx| | | 53,984| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.hardcover.thmx| | | 393,281| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.horizon.thmx| | | 245,451| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.hunting.thmx| | | 149,384| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.interface.dll| microsoft.office.server.powerpoint.pipe.interface.dll| 14.0.7123.5001| 43,712| 22-Apr-2014| 07:34 \nmicrosoft.office.server.powerpoint.pipe.kilter.thmx| | | 86,347| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.macro.thmx| | | 202,511| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.median.thmx| | | 83,623| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.metro.thmx| | | 80,625| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.module.thmx| | | 88,122| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.mylar.thmx| | | 270,123| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.newsprint.thmx| | | 617,159| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.opulent.thmx| | | 78,521| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.oriel.thmx| | | 93,940| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.origin.thmx| | | 87,051| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.paper.thmx| | | 270,822| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.perspective.thmx| | | 53,594| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.phoenix.thmx| | | 153,672| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.pushpin.thmx| | | 825,294| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.scrollwork.thmx| | | 167,498| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.sketchbook.thmx| | | 980,113| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.slipstream.thmx| | | 67,304| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.soho.thmx| | | 856,015| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.solstice.thmx| | | 74,912| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.springtime.thmx| | | 577,009| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.summer.thmx| | | 75,155| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.technic.thmx| | | 68,995| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.thatch.thmx| | | 89,461| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.tradeshow.thmx| | | 56,683| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.trek.thmx| | | 172,604| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.urban.thmx| | | 64,624| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.urbanpop.thmx| | | 113,739| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.verve.thmx| | | 75,264| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.waveform.thmx| | | 181,889| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.windinthepines.thmx| | | 568,923| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.wistaria.thmx| | | 416,280| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.wrapper.thmx| | | 156,519| 08-Dec-2010| 07:49 \nmicrosoft.office.web.common.dll| microsoft.office.web.common.dll| 14.0.7102.5000| 1,145,536| 23-May-2013| 09:46 \nmicrosoft.office.web.common.intl.resources.dll_1033| microsoft.office.web.common.intl.resources.dll| 14.0.6015.1000| 22,400| 21-Dec-2010| 11:44 \nmicrosoft.office.web.csiwrapper.dll| microsoft.office.web.csiwrapper.dll| 14.0.7159.5000| 2,366,048| 03-Sep-2015| 11:45 \nmicrosoft.office.web.environment.sharepoint.dll| microsoft.office.web.environment.sharepoint.dll| 14.0.7130.5000| 858,808| 16-Jul-2014| 03:17 \nmicrosoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nmicrosoft.office.web.mobilewordviewer.dll| microsoft.office.web.mobilewordviewer.dll| 14.0.7160.5000| 117,440| 16-Sep-2015| 12:19 \nmicrosoft.office.web.nativeutils.dll| microsoft.office.web.nativeutils.dll| 14.0.7104.5000| 172,224| 26-Jun-2013| 05:09 \nmicrosoft.office.web.sandbox.dll| microsoft.office.web.sandbox.dll| 14.0.7008.1000| 126,576| 09-Jan-2013| 08:45 \nmimagehandler.ashx| mimagehandler.ashx| | 286| 12-Feb-2013| 10:30 \nmppt.aspx| mppt.aspx| | 568| 12-Feb-2013| 10:30 \nmpptbroadcast.aspx| mpptbroadcast.aspx| | 4,994| 12-Feb-2013| 10:32 \npowerpoint.aspx| powerpoint.aspx| | 2,840| 12-Feb-2013| 10:32 \npowerpointapplicationproperties.aspx| powerpointapplicationproperties.aspx| | 6,311| 12-Feb-2013| 10:30 \npowerpointbroadcasthostdisco.aspx| powerpointbroadcasthostdisco.aspx| | 1,364| 12-Feb-2013| 10:31 \npowerpointbroadcasthostwsdl.aspx| powerpointbroadcasthostwsdl.aspx| | 6,999| 12-Feb-2013| 10:31 \npowerpointbroadcasthost_1_0disco.aspx| powerpointbroadcasthost_1_0disco.aspx| | 1,372| 12-Feb-2013| 10:31 \npowerpointbroadcasthost_1_0wsdl.aspx| powerpointbroadcasthost_1_0wsdl.aspx| | 15,609| 12-Feb-2013| 10:32 \npowerpointframe.aspx| powerpointframe.aspx| | 2,019| 12-Feb-2013| 10:30 \npowerpointintl.js| | | 62,880| 08-Dec-2010| 08:03 \npowerpointintl.js_1033| powerpointintl.js| | 62,880| 08-Dec-2010| 08:03 \npowerpointservicemanage.aspx| powerpointservicemanage.aspx| | 6,391| 12-Feb-2013| 10:30 \nppt.autofademsgbg.png| | | 195| 03-Sep-2009| 04:01 \nppt.autofademsgbg.png_1033| autofademsgbg.png| | 195| 03-Sep-2009| 04:01 \nppt.blank.png| | | 89| 03-Sep-2009| 04:01 \nppt.blank.png_1033| blank.png| | 89| 03-Sep-2009| 04:01 \nppt.broadcastsitetemplate.default.aspx| default.aspx| | 3,329| 12-Feb-2013| 10:30 \nppt.cluster.css| | | 14,462| 08-Dec-2010| 04:41 \nppt.cluster.css_1033| powerpointimagecluster.css| | 14,462| 08-Dec-2010| 04:41 \nppt.conversion.cultures.office.odf| office.odf| 14.0.7130.5000| 4,300,456| 16-Jul-2014| 01:52 \nppt.edit.exp_pdf_server.dll| exp_pdf_server.dll| 14.0.7180.5000| 141,040| 15-Mar-2017| 01:26 \nppt.edit.exp_xps_server.dll| exp_xps_server.dll| 14.0.7180.5000| 82,672| 15-Mar-2017| 01:26 \nppt.edit.gfxserver.dll| gfxserver.dll| 14.0.7180.5000| 2,547,432| 15-Mar-2017| 01:32 \nppt.edit.microsoft.office.server.powerpoint.core.webedit.dll| microsoft.office.server.powerpoint.core.webedit.dll| 14.0.7152.5000| 103,080| 27-May-2015| 03:25 \nppt.edit.microsoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nppt.edit.msores.dll| msores.dll| 14.0.7109.5000| 72,524,480| 06-Sep-2013| 01:37 \nppt.edit.msoserver.dll| msoserver.dll| 14.0.7188.5000| 21,359,872| 24-Aug-2017| 07:47 \nppt.edit.msptls.dll| msptls.dll| 14.0.7164.5000| 1,199,296| 11-Nov-2015| 09:06 \nppt.edit.oartserver.dll| oartserver.dll| 14.0.7180.5000| 29,851,880| 15-Mar-2017| 02:20 \nppt.edit.ogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nppt.edit.ppserver.dll| ppserver.dll| 14.0.7188.5000| 6,842,056| 24-Aug-2017| 08:56 \nppt.edit.riched20.dll| riched20.dll| 14.0.7155.5000| 1,865,384| 16-Jul-2015| 09:29 \nppt.edit.wac_usp10.dll_0002| usp10.dll| 1.0626.7601.23883 (win7sp1_ldr.170803-0600)| 829,104| 27-Aug-2017| 09:08 \nppt.gkpowerpoint.dll| gkpowerpoint.dll| 14.0.7170.5000| 2,800,896| 18-May-2016| 06:13 \nppt.hdot.png| | | 125| 03-Sep-2009| 04:02 \nppt.hdot.png_1033| hdot.png| | 125| 03-Sep-2009| 04:02 \nppt.layoutthumbs.png| | | 7,524| 08-Dec-2010| 04:42 \nppt.layoutthumbs.png_1033| layoutthumbs.png| | 7,524| 08-Dec-2010| 04:42 \nppt.microsoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nppt.navtoolbarbg.png| | | 2,828| 03-Sep-2009| 04:02 \nppt.navtoolbarbg.png_1033| navtoolbarbg.png| | 2,828| 03-Sep-2009| 04:02 \nppt.office.exp_pdf_server.dll| exp_pdf_server.dll| 14.0.7180.5000| 141,040| 15-Mar-2017| 01:26 \nppt.office.exp_xps_server.dll| exp_xps_server.dll| 14.0.7180.5000| 82,672| 15-Mar-2017| 01:26 \nppt.office.gfxserver.dll| gfxserver.dll| 14.0.7180.5000| 2,547,432| 15-Mar-2017| 01:32 \nppt.office.msores.dll| msores.dll| 14.0.7109.5000| 72,524,480| 06-Sep-2013| 01:37 \nppt.office.msoserver.dll| msoserver.dll| 14.0.7188.5000| 21,359,872| 24-Aug-2017| 07:47 \nppt.office.msptls.dll| msptls.dll| 14.0.7164.5000| 1,199,296| 11-Nov-2015| 09:06 \nppt.office.oartserver.dll| oartserver.dll| 14.0.7180.5000| 29,851,880| 15-Mar-2017| 02:20 \nppt.office.ogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nppt.office.riched20.dll| riched20.dll| 14.0.7155.5000| 1,865,384| 16-Jul-2015| 09:29 \nppt.pat.png| | | 14,172| 18-Sep-2009| 07:59 \nppt.pat.png_1033| pat.png| | 14,172| 18-Sep-2009| 07:59 \nppt.peat.png| | | 558,856| 08-Dec-2010| 04:41 \nppt.pegal.png| | | 138,972| 03-Sep-2009| 04:03 \nppt.pegal.png_1033| pegal.png| | 138,972| 03-Sep-2009| 04:03 \nppt.per.png| | | 80,683| 08-Dec-2010| 04:45 \nppt.per.png_1033| per.png| | 80,683| 08-Dec-2010| 04:45 \nppt.phpreview.png| | | 1,311| 03-Sep-2009| 04:02 \nppt.phthumb.png| | | 367| 03-Sep-2009| 04:02 \nppt.ppserver.dll| ppserver.dll| 14.0.7188.5000| 6,842,056| 24-Aug-2017| 08:56 \nppt.pptbgx.png| | | 3,250| 03-Sep-2009| 04:03 \nppt.pptbgx.png_1033| pptbgx.png| | 3,250| 03-Sep-2009| 04:03 \nppt.ppteditorbggradient.png| | | 6,870| 03-Sep-2009| 04:02 \nppt.ppteditorbggradient.png_1033| ppteditorbggradient.png| | 6,870| 03-Sep-2009| 04:02 \nppt.pptviewerbggradient.png| | | 5,239| 03-Sep-2009| 04:02 \nppt.pptviewerbggradient.png_1033| pptviewerbggradient.png| | 5,239| 03-Sep-2009| 04:02 \nppt.pptviewernotesgradient.png| | | 2,813| 03-Sep-2009| 04:02 \nppt.pptviewernotesgradient.png_1033| pptviewernotesgradient.png| | 2,813| 03-Sep-2009| 04:02 \nppt.prt.png| | | 46,686| 08-Dec-2010| 04:45 \nppt.prt.png_1033| prt.png| | 46,686| 08-Dec-2010| 04:45 \nppt.rbgbbg.png| | | 173| 03-Sep-2009| 04:02 \nppt.rbgbbg.png_1033| rbgbbg.png| | 173| 03-Sep-2009| 04:02 \nppt.rbgrpbdr.png| | | 172| 03-Sep-2009| 04:02 \nppt.rbgrpbdr.png_1033| rbgrpbdr.png| | 172| 03-Sep-2009| 04:02 \nppt.ribbonbg.png| | | 3,052| 03-Sep-2009| 04:02 \nppt.ribbonbg.png_1033| ribbonbg.png| | 3,052| 03-Sep-2009| 04:02 \nppt.rmgrad16.png| | | 116| 18-Sep-2009| 07:58 \nppt.rmgrad16.png_1033| rmgrad16.png| | 116| 18-Sep-2009| 07:58 \nppt.rmgrad16rtl.png| | | 114| 18-Sep-2009| 07:58 \nppt.rmgrad16rtl.png_1033| rmgrad16rtl.png| | 114| 18-Sep-2009| 07:58 \nppt.rsempty.gif| | | 226| 03-Sep-2009| 04:02 \nppt.rsfull.gif| | | 342| 03-Sep-2009| 04:02 \nppt.rshalf.gif| | | 341| 03-Sep-2009| 04:02 \nppt.search.png| | | 3,369| 03-Sep-2009| 04:02 \nppt.slidemenusectionnormalbg| | | 2,815| 03-Sep-2009| 04:02 \nppt.slidemenusectionnormalbg_1033| slidemenusectionnormalbg.png| | 2,815| 03-Sep-2009| 04:02 \nppt.slidemenusectionselectedbg| | | 2,822| 03-Sep-2009| 04:02 \nppt.slidemenusectionselectedbg_1033| slidemenusectionselectedbg.png| | 2,822| 03-Sep-2009| 04:02 \nppt.slideshownext| | | 3,090| 03-Sep-2009| 04:02 \nppt.slideshownext_1033| slideshownext.png| | 3,090| 03-Sep-2009| 04:02 \nppt.slideshowprev| | | 3,079| 03-Sep-2009| 04:02 \nppt.slideshowprev_1033| slideshowprev.png| | 3,079| 03-Sep-2009| 04:02 \nppt.stylesedit.css| | | 26,470| 22-Dec-2010| 01:09 \nppt.stylesedit.css_1033| stylesedit.css| | 26,470| 22-Dec-2010| 01:09 \nppt.stylesread.css| | | 20,876| 22-Dec-2010| 01:09 \nppt.stylesread.css_1033| stylesread.css| | 20,876| 22-Dec-2010| 01:09 \nppt.stylesview.css| | | 19,715| 22-Dec-2010| 01:09 \nppt.stylesview.css_1033| stylesview.css| | 19,715| 22-Dec-2010| 01:09 \nppt.tabfade.png| | | 132| 03-Sep-2009| 04:02 \nppt.tabfade.png_1033| tabfade.png| | 132| 03-Sep-2009| 04:02 \nppt.toolbarbg.png| | | 3,078| 03-Sep-2009| 04:02 \nppt.toolbarbg.png_1033| toolbarbg.png| | 3,078| 03-Sep-2009| 04:02 \nppt.usp10.dll| usp10.dll| 1.0626.7601.23883 (win7sp1_ldr.170803-0600)| 829,104| 27-Aug-2017| 09:08 \nppt.vdot.png| | | 138| 03-Sep-2009| 04:02 \nppt.vdot.png_1033| vdot.png| | 138| 03-Sep-2009| 04:02 \nppt.webconversion.dll| microsoft.office.server.powerpoint.core.webconversion.dll| 14.0.7152.5000| 105,640| 27-May-2015| 03:25 \npresentdisco.aspx| presentdisco.aspx| | 1,332| 12-Feb-2013| 10:32 \npresentwsdl.aspx| presentwsdl.aspx| | 10,911| 12-Feb-2013| 10:32 \nprinthandler.ashx| | | 207| 08-Dec-2010| 08:01 \nwac.autocorrectlist.1039.js| | | 8,184| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1069.js| | | 3,546| 12-Nov-2010| 11:50 \nwac.autocorrectlis
Security Updates for Microsoft Office Viewers (September 2017)
