openvas | Copyright (C) 2010 LSS | OPENVAS:1361412562310102059
HistoryJul 08, 2010 - 12:00 a.m.

Microsoft Windows Vector Markup Language Buffer Overflow (938127)

2010-07-08 00:00:00
Copyright (C) 2010 LSS
plugins.openvas.org
8

7.2 High

AI Score

Confidence

Low

0.95 High

EPSS

Percentile

99.3%

This security update resolves a privately reported vulnerability in the
Vector Markup Language (VML) implementation in Windows. The
vulnerability could allow remote code execution if a user viewed a
specially crafted Web page using Internet Explorer.

Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.

# SPDX-FileCopyrightText: 2010 LSS
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is recorded and the script exits (see exit(0) at the
# end of this block) before any check against a target runs.
if(description)
{
  # Plugin identity, revision stamps, the CVE it maps to, and reference links.
  script_oid("1.3.6.1.4.1.25623.1.0.102059");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)");
  script_cve_id("CVE-2007-1749");
  script_name("Microsoft Windows Vector Markup Language Buffer Overflow (938127)");
  script_xref(name:"URL", value:"http://research.eeye.com/html/advisories/published/AD20070814a.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/25310");
  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-050");

  # Quality of detection: the verdict comes from a file version read on the
  # target (vgx.dll, below), not from exercising the flaw itself.
  script_tag(name:"qod_type", value:"executable_version");
  # CVSS v2: network vector, medium access complexity, no authentication,
  # complete impact on confidentiality, integrity and availability.
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # Information-gathering category: the check only reads data from the host.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 LSS");
  script_family("Windows : Microsoft Bulletins");
  # Scheduling prerequisites: the IE detection plugin must run first, the SMB
  # ports must be reachable, and the knowledge base must already hold
  # MS/IE/Version (presumably set by gb_ms_ie_detect.nasl -- confirm there).
  script_dependencies("gb_ms_ie_detect.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("MS/IE/Version");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"summary", value:"This security update resolves a privately reported vulnerability in the
  Vector Markup Language (VML) implementation in Windows. The
  vulnerability could allow remote code execution if a user viewed a
  specially crafted Web page using Internet Explorer.

  Users whose accounts are configured to have fewer user rights on
  the system could be less impacted than users who operate with
  administrative user rights.");

  # End of the registration pass; nothing below runs in description mode.
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

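# Platform gate: continue only on the Windows releases this check covers. The
# numbers are the service-pack thresholds handed to hotfix_check_sp(); a result
# of zero or less ends the script without a finding.
if(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3) <= 0){
  exit(0);
}

# The value itself is not compared anywhere below; it only confirms that
# Internet Explorer was detected on the host.
ieVer = get_kb_item("MS/IE/Version");
if(!ieVer){
  exit(0);
}

# MS07-050 Hotfix (938127): a return of 0 is treated as "hotfix present",
# so there is nothing left to report.
if(hotfix_missing(name:"938127") == 0){
  exit(0);
}

# Locate vgx.dll under the Common Files directory recorded in the registry.
dllPath = registry_get_sz(item:"CommonFilesDir", key:"SOFTWARE\Microsoft\Windows\CurrentVersion");
# Without the registry value the path below would be a bare suffix with no
# drive letter, the share/file split would not match, and GetVer() would be
# asked for a nonsensical share name. Stop here instead.
if(!dllPath){
  exit(0);
}
dllPath += "\Microsoft Shared\VGX\vgx.dll";
# Split "C:\..." into the administrative share name ("C$") and the path
# relative to that share, which is the form GetVer() is called with.
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);

# No readable file version (file missing, access denied, ...) means no verdict.
vers = GetVer(file:file, share:share);
if(!vers){
  exit(0);
}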

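#CVE-2007-1749
# Per-platform comparison of the vgx.dll file version (vers). Each branch reads
# the service-pack string recorded for that Windows release and reports the
# host when the file version falls in one of the listed ranges.
# NOTE(review): a host whose service pack is not named in its branch reaches
# exit(99) at the bottom without any version comparison -- confirm that this
# is intended for the service packs the platform gate lets through.

# Windows 2000: only Service Pack 4 is evaluated.
if(hotfix_check_sp(win2k:5) > 0)
{
  SP = get_kb_item("SMB/Win2K/ServicePack");
  if("Service Pack 4" >< SP)
  {
    if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3854.2499") ||
       version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1598")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

# Windows XP: only Service Pack 2 is evaluated.
else if(hotfix_check_sp(xp:4) > 0)
{
  SP = get_kb_item("SMB/WinXP/ServicePack");
  if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3163") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.20627")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

# Windows Server 2003: Service Pack 1 and Service Pack 2 have separate 6.0 ranges.
else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 1" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.2962") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.20627")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
  else if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4106") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.20627")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

# Windows Vista: the named argument is winVista, the same name the platform
# gate at the top of the script passes to hotfix_check_sp(). With a different
# argument name this branch is never selected and Vista hosts fall through to
# exit(99) unreported.
# NOTE(review): the gate passes winVista:3 while this branch keeps threshold 2
# and only evaluates "Service Pack 0" -- confirm against the bulletin.
else if(hotfix_check_sp(winVista:2) > 0)
{
  SP = get_kb_item("SMB/WinVista/ServicePack");
  if("Service Pack 0" >< SP)
  {
    if(version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16512"))
    {
      security_message( port: 0, data: "The target host was found to be vulnerable" );
      exit(0);
    }
  }
}

# No branch reported a finding.
exit(99);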
