Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS18_JUN_PUBLISHER.NASL
HistoryJun 12, 2018 - 12:00 a.m.

Security Updates for Microsoft Publisher Products (June 2018)

2018-06-1200:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
427

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.293 Low

EPSS

Percentile

96.9%

JSON

The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :

  • An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. (CVE-2018-8245)
#
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include("compat.inc");

if (description)
{
  script_id(110500);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id("CVE-2018-8245");
  script_xref(name:"MSKB", value:"4011186");
  script_xref(name:"MSFT", value:"MS18-4011186");
  script_xref(name:"IAVA", value:"2018-A-0191-S");

  script_name(english:"Security Updates for Microsoft Publisher Products (June 2018)");
  script_summary(english:"Checks for Microsoft security updates.");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Publisher Products are missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Publisher Products are missing a security
update. It is, therefore, affected by the following
vulnerability :

- An elevation of privilege vulnerability exists when
Microsoft Publisher fails to utilize features that lock
down the Local Machine zone when instantiating OLE
objects. An attacker who successfully exploited the
vulnerability could force arbitrary code to be executed
in the Local Machine zone.  (CVE-2018-8245)");
  # https://support.microsoft.com/en-us/help/4011186/description-of-the-security-update-for-publisher-2010-june-12-2018
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?21387e8c");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released KB4011186 to address this issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8245");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:publisher");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
include("install_func.inc");

global_var bulletin, vuln;

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS18-06';
kbs = make_list("4011186");

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated", exit_code:1);

# Get path information for Windows.
windir = hotfix_get_systemroot();
if (isnull(windir)) exit(1, "Failed to determine the location of %windir%.");

registry_init();

vuln = FALSE;

######################################################################
# Publisher Checks
######################################################################
checks = make_array(
  "14.0", make_array("sp", 2, "version", "14.0.7210.5000", "kb", "4011186")
);
if (hotfix_check_office_product(product:"Publisher", checks:checks, bulletin:bulletin))
  vuln = TRUE;

if (vuln)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftpublishercpe:/a:microsoft:publisher

Related

mskb 1
cvelist 2
cve 2
mscve 1
prion 2
symantec 1
openvas 1
nvd 2
kaspersky 1
trendmicroblog 1
talosblog 1
mskb
mskb
Description of the security update for Publisher 2010: June 12, 2018
2018-06-12 07:00:00
cvelist
cvelist
CVE-2018-8245
2018-06-14 12:00:00
CVE-2018-8247
2018-06-14 12:00:00
cve
cve
CVE-2018-8245
2018-06-14 12:29:02
CVE-2018-8247
2018-06-14 12:29:02
mscve
mscve
Microsoft Publisher Remote Code Execution Vulnerability
2018-06-12 07:00:00
prion
prion
Remote code execution
2018-06-14 12:29:00
Privilege escalation
2018-06-14 12:29:00
symantec
symantec
Microsoft Office CVE-2018-8245 Privilege Escalation Vulnerability
2018-06-12 00:00:00
openvas
openvas
Microsoft Publisher 2010 Service Pack 2 Privilege Elevation Vulnerability (KB4011186)
2018-06-13 00:00:00
nvd
nvd
CVE-2018-8245
2018-06-14 12:29:02
CVE-2018-8247
2018-06-14 12:29:02
kaspersky
kaspersky
KLA11267 Multiple vulnerabilities in Microsoft Office
2018-06-12 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 11, 2018
2018-06-15 12:39:57
talosblog
talosblog
Microsoft Patch Tuesday - June 2018
2018-06-12 11:58:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.293 Low

EPSS

Percentile

96.9%

JSON
Related for SMB_NT_MS18_JUN_PUBLISHER.NASL
mskb1cvelist2cve2mscve1prion2symantec1openvas1nvd2kaspersky1trendmicroblog1talosblog1