ID VMWARE_MOVIE_DECODER_9_0.NASL Type nessus Reporter Tenable Modified 2012-12-02T00:00:00
Description
The version of VMware Movie Decoder installed on the remote host is earlier than 9.0 and is, therefore, affected by a DLL loading vulnerability.
This issue potentially allows for a local attacker to execute custom code by writing a malicious executable into the same directory as the VMware Movie Installer.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(63113);
script_version("$Revision: 1.2 $");
script_cvs_date("$Date: 2012/12/02 00:40:05 $");
script_cve_id("CVE-2012-4897");
script_bugtraq_id(55802);
script_osvdb_id(85957);
script_xref(name:"VMSA", value:"2012-0014");
script_name(english:"VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)");
script_summary(english:"Checks file version of vmnc.dll");
script_set_attribute(attribute:"synopsis", value:
"The movie decoder installed on the remote Windows host is affected by a
DLL loading vulnerability.");
script_set_attribute( attribute:"description", value:
"The version of VMware Movie Decoder installed on the remote host is
earlier than 9.0 and is, therefore, affected by a DLL loading
vulnerability.
This issue potentially allows for a local attacker to execute custom
code by writing a malicious executable into the same directory as the
VMware Movie Installer.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2012-0014.html");
script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2012/000192.html");
script_set_attribute(attribute:"solution", value:"Upgrade to VMware Movie Decoder 9.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/04");
script_set_attribute(attribute:"patch_publication_date", value:"2012/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:movie_decoder");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012 Tenable Network Security, Inc.");
script_dependencies("vmware_movie_decoder_detect.nasl");
script_require_keys("SMB/VMware Movie Decoder/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
file = get_kb_item_or_exit("SMB/VMware Movie Decoder/File");
version = get_kb_item_or_exit("SMB/VMware Movie Decoder/Version");
fixed_version = '9.0';
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
port = get_kb_item('SMB/transport');
if (report_verbosity > 0)
{
report +=
'\n File : ' + file +
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed_version +
'\n';
security_warning(port:port, extra:report);
}
else security_warning(port:port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Movie Decoder", version, file);
{"hash": "c72a22a6f775c08160b304c3da09d90a78b934ff2b6ee3bb5b90035530001a70", "naslFamily": "Windows", "id": "VMWARE_MOVIE_DECODER_9_0.NASL", "lastseen": "2017-10-29T13:45:33", "viewCount": 2, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "a7fca2470c75d28a13dd5f37bcdd7cee", "key": "cpe"}, {"hash": "4cca910dcf2f07b42fbd097d6215e8dc", "key": "cvelist"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "1fb365a98e1bdcb7df19adcf6412f8c0", "key": "description"}, {"hash": "f3b667ca98ce2a825367abc74d2bf7f9", "key": "href"}, {"hash": "5743fcbd9430b2d4e6ec1c74c52b1b01", "key": "modified"}, {"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "5e946476809f30de607f5b0b47ac49a4", "key": "pluginID"}, {"hash": "db744140e649d5b095b38bd0f7a39d65", "key": "published"}, {"hash": "e5d13e090cfef1b7d1f6aace926cd69c", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e0d0d7c2869d9bad97b4529d4b31f49c", "key": "sourceData"}, {"hash": "7b7a68d1109f1de0ee5c271828696c78", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["cpe:/a:vmware:movie_decoder"], "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 2, "enchantments": {"vulnersScore": 7.2}, "type": "nessus", "description": "The version of VMware Movie Decoder installed on the remote host is earlier than 9.0 and is, therefore, affected by a DLL loading vulnerability. \n\nThis issue potentially allows for a local attacker to execute custom code by writing a malicious executable into the same directory as the VMware Movie Installer.", "title": "VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)", "history": [{"bulletin": {"hash": "423c7e85dd51cf6975fe41b214813b81f04beb245f91a6f4f1572eb94a318904", "naslFamily": "Windows", "edition": 1, "lastseen": "2016-09-26T17:26:38", "enchantments": {}, "hashmap": [{"hash": "aea23489ce3aa9b6406ebb28e0cda430", "key": "naslFamily"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d13e090cfef1b7d1f6aace926cd69c", "key": "references"}, {"hash": "f3b667ca98ce2a825367abc74d2bf7f9", "key": "href"}, {"hash": "4cca910dcf2f07b42fbd097d6215e8dc", "key": "cvelist"}, {"hash": "7b7a68d1109f1de0ee5c271828696c78", "key": "title"}, {"hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "db744140e649d5b095b38bd0f7a39d65", "key": "published"}, {"hash": "5743fcbd9430b2d4e6ec1c74c52b1b01", "key": "modified"}, {"hash": "5e946476809f30de607f5b0b47ac49a4", "key": "pluginID"}, {"hash": "e0d0d7c2869d9bad97b4529d4b31f49c", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "1fb365a98e1bdcb7df19adcf6412f8c0", "key": "description"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "VMWARE_MOVIE_DECODER_9_0.NASL", "type": "nessus", "description": "The version of VMware Movie Decoder installed on the remote host is earlier than 9.0 and is, therefore, affected by a DLL loading vulnerability. \n\nThis issue potentially allows for a local attacker to execute custom code by writing a malicious executable into the same directory as the VMware Movie Installer.", "viewCount": 2, "title": "VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2012-4897"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63113);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2012/12/02 00:40:05 $\");\n\n script_cve_id(\"CVE-2012-4897\");\n script_bugtraq_id(55802);\n script_osvdb_id(85957);\n script_xref(name:\"VMSA\", value:\"2012-0014\");\n\n script_name(english:\"VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)\");\n script_summary(english:\"Checks file version of vmnc.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The movie decoder installed on the remote Windows host is affected by a\nDLL loading vulnerability.\");\n script_set_attribute( attribute:\"description\", value:\n\"The version of VMware Movie Decoder installed on the remote host is\nearlier than 9.0 and is, therefore, affected by a DLL loading\nvulnerability. \n\nThis issue potentially allows for a local attacker to execute custom\ncode by writing a malicious executable into the same directory as the\nVMware Movie Installer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0014.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000192.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VMware Movie Decoder 9.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:movie_decoder\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_movie_decoder_detect.nasl\");\n script_require_keys(\"SMB/VMware Movie Decoder/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nfile = get_kb_item_or_exit(\"SMB/VMware Movie Decoder/File\");\nversion = get_kb_item_or_exit(\"SMB/VMware Movie Decoder/Version\");\n\nfixed_version = '9.0';\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item('SMB/transport');\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n File : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port:port);\n} \nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Movie Decoder\", version, file);\n", "published": "2012-11-30T00:00:00", "pluginID": "63113", "references": ["https://www.vmware.com/security/advisories/VMSA-2012-0014.html", "http://lists.vmware.com/pipermail/security-announce/2012/000192.html"], "reporter": "Tenable", "modified": "2012-12-02T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63113"}, "lastseen": "2016-09-26T17:26:38", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2012-4897"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63113);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2012/12/02 00:40:05 $\");\n\n script_cve_id(\"CVE-2012-4897\");\n script_bugtraq_id(55802);\n script_osvdb_id(85957);\n script_xref(name:\"VMSA\", value:\"2012-0014\");\n\n script_name(english:\"VMware Movie Decoder < 9.0 Path Subversion Arbitrary DLL Injection Code Execution (VMSA-2012-0014)\");\n script_summary(english:\"Checks file version of vmnc.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The movie decoder installed on the remote Windows host is affected by a\nDLL loading vulnerability.\");\n script_set_attribute( attribute:\"description\", value:\n\"The version of VMware Movie Decoder installed on the remote host is\nearlier than 9.0 and is, therefore, affected by a DLL loading\nvulnerability. \n\nThis issue potentially allows for a local attacker to execute custom\ncode by writing a malicious executable into the same directory as the\nVMware Movie Installer.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2012-0014.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2012/000192.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to VMware Movie Decoder 9.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:movie_decoder\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_movie_decoder_detect.nasl\");\n script_require_keys(\"SMB/VMware Movie Decoder/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nfile = get_kb_item_or_exit(\"SMB/VMware Movie Decoder/File\");\nversion = get_kb_item_or_exit(\"SMB/VMware Movie Decoder/Version\");\n\nfixed_version = '9.0';\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n port = get_kb_item('SMB/transport');\n\n if (report_verbosity > 0)\n {\n report +=\n '\\n File : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port:port);\n} \nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Movie Decoder\", version, file);\n", "published": "2012-11-30T00:00:00", "pluginID": "63113", "references": ["https://www.vmware.com/security/advisories/VMSA-2012-0014.html", "http://lists.vmware.com/pipermail/security-announce/2012/000192.html"], "reporter": "Tenable", "modified": "2012-12-02T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63113"}
{"result": {"cve": [{"id": "CVE-2012-4897", "type": "cve", "title": "CVE-2012-4897", "description": "Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory.", "published": "2012-10-05T13:55:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4897", "cvelist": ["CVE-2012-4897"], "lastseen": "2017-08-29T12:17:48"}], "vmware": [{"id": "VMSA-2012-0014", "type": "vmware", "title": "VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", "description": "a. VMware Movie Decoder Installer binary planting vulnerability \nThe installer of the VMware Movie Decoder has a binary planting vulnerability. An attacker who can write their malicious executable to the same folder as where the installer of the Movie Decoder is located may be able to run their code when the installation is started. \nVMware would like to thank Mitja Kolsek of ACROS Security for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4897 to this issue. \n\n", "published": "2012-10-04T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2012-0014.html", "cvelist": ["CVE-2012-4897", "CVE-2012-5051", "CVE-2012-5050"], "lastseen": "2016-09-04T11:19:41"}]}}
