Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(177217);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");

  script_cve_id("CVE-2023-28303");

  script_name(english:"Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse)");

  script_set_attribute(attribute:"synopsis", value:
"The remote windows host has an application installed that is affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) 
where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the 
cropped image file.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   
number.");
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad297874");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28303");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:snip_and_sketch");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "wmi_enum_windows_app_store.nbin");
  script_require_keys("SMB/Registry/Enumerated", "WMI/Windows App Store/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var apps = ['Microsoft.ScreenSketch'];

var app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);

vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints;
var host_os = get_kb_item('WMI/Host/OS');

if (host_os =~ 'Windows 10')
{
  constraints = [
    {'fixed_version': '10.2008.3001.0'}
  ];
} 
else if (host_os =~ 'Windows 11')
{
  constraints = [
    {'fixed_version': '11.2302.20.0'}
  ]; 
}

vcf::microsoft_appstore::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);