Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS23_MAY_AV1.NASLHistoryMay 09, 2023 - 12:00 a.m.
Microsoft Windows AV1 Video Extensions RCE (May 2023)
2023-05-0900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
microsoft windows
av1 video extension
rce
remote code execution
microsoft store
vulnerability
unauthorized commands
authentication bypass
8.4 High
AI Score
Confidence
High
The Windows ‘AV1 Video Extension’ app installed on the remote host is affected by remote code execution vulnerability.
An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(175334);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");
script_cve_id("CVE-2023-29340");
script_name(english:"Microsoft Windows AV1 Video Extensions RCE (May 2023)");
script_set_attribute(attribute:"synopsis", value:
"The Windows app installed on the remote host is affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The Windows 'AV1 Video Extension' app installed on the remote host is affected by remote code execution vulnerability.
An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29340");
script_set_attribute(attribute:"solution", value:
"Upgrade to app version 1.1.51091.0 or later via the Microsoft Store.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29340");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "wmi_enum_windows_app_store.nbin");
script_require_keys("SMB/Registry/Enumerated", "WMI/Windows App Store/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var apps = ['Microsoft.AV1VideoExtension'];
var app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{ 'fixed_version' : '1.1.51091.0' }
];
vcf::microsoft_appstore::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Related
cvelist
cvelist
CVE-2023-29340 AV1 Video Extension Remote Code Execution Vulnerability
2023-05-09 17:03:04
prion
prion
Remote code execution
2023-05-09 18:15:00
mscve
mscve
AV1 Video Extension Remote Code Execution Vulnerability
2023-05-09 07:00:00
cve
cve
CVE-2023-29340
2023-05-09 18:15:13
kaspersky
kaspersky
KLA49154 Multiple vulnerabilities in Microsoft Windows
2023-05-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - May 2023
2023-05-09 20:02:02