Lucene search
Copyright (C) 2017 Greenbone Networks GmbHOPENVAS:1361412562310811816HistorySep 13, 2017 - 12:00 a.m.
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040979)
2017-09-1300:00:00
Copyright (C) 2017 Greenbone Networks GmbH
plugins.openvas.org
28
0.97 High
EPSS
Percentile
99.7%
This host is missing an important security
update according to Microsoft KB4040979
###############################################################################
# OpenVAS Vulnerability Test
#
# Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040979)
#
# Authors:
# Rinu Kuriakose <[email protected]>
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.811816");
script_version("2020-06-04T12:11:49+0000");
script_cve_id("CVE-2017-8759");
script_bugtraq_id(100742);
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)");
script_tag(name:"creation_date", value:"2017-09-13 09:32:37 +0530 (Wed, 13 Sep 2017)");
script_name("Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040979)");
script_tag(name:"summary", value:"This host is missing an important security
update according to Microsoft KB4040979");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to an improper
processing of untrusted input.");
script_tag(name:"impact", value:"Successful exploitation will allow
an attacker to take control of an affected system. An attacker could then
install programs, view, change, or delete data, or create new accounts with
full user rights. Users whose accounts are configured to have fewer user rights
on the system could be less impacted than users who operate with administrative
user rights.");
script_tag(name:"affected", value:"Microsoft .NET Framework 3.5 on Microsoft Windows Server 2012.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"executable_version");
script_xref(name:"URL", value:"https://support.microsoft.com/en-us/help/4040979");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
script_family("Windows : Microsoft Bulletins");
script_dependencies("smb_reg_service_pack.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/WindowsVersion");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(hotfix_check_sp(win2012:1) <= 0){
exit(0);
}
key = "SOFTWARE\Microsoft\ASP.NET\";
if(!registry_key_exists(key:key)){
exit(0);
}
foreach item (registry_enum_keys(key:key))
{
dotPath = registry_get_sz(key:key + item, item:"Path");
if(dotPath && "\Microsoft.NET\Framework" >< dotPath)
{
sysdllVer = fetch_file_version(sysPath:dotPath, file_name:"System.management.dll");
if(sysdllVer)
{
## .NET Framework 3.5
if(version_in_range(version:sysdllVer, test_version:"2.0.50727.5700", test_version2:"2.0.50727.8765"))
{
report = 'File checked: ' + dotPath + "\System.management.dll" + '\n' +
'File version: ' + sysdllVer + '\n' +
'Vulnerable range: 2.0.50727.5700 - 2.0.50727.8765\n' ;
security_message(data:report);
exit(0);
}
}
}
}
exit(0);
References
Related
checkpoint_advisories
checkpoint_advisories
Microsoft .NET Framework Remote Code Execution (CVE-2017-8759)
2017-09-12 00:00:00
myhack58
myhack58
Microsoft the Microsoft . NET Framework flaws vulnerability bug(CVE–2017–8759)alerts-a vulnerability alert-the black bar safety net
2017-09-15 00:00:00
openvas
openvas
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040975)
2017-09-13 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040980)
2017-09-13 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040981)
2017-09-13 00:00:00
symantec
symantec
mmpc
mmpc
mskb
mskb
talosblog
talosblog
Threat Round Up for December 29 - January 5
2018-01-05 11:46:00
SWEED: Exposing years of Agent Tesla campaigns
2019-07-16 05:47:33
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
trendmicroblog
trendmicroblog
This Week in Security News
2017-11-22 14:00:16
nessus
nessus
Security and Quality Rollup for .NET Framework (Sep 2017)
2017-09-12 00:00:00
Windows 2008 September 2017 Multiple Security Updates
2017-09-12 00:00:00
Windows Server 2012 September 2017 Security Updates
2017-09-12 00:00:00
cve
cve
CVE-2017-8759
2017-09-13 01:29:00
cisa_kev
cisa_kev
Microsoft .NET Framework Remote Code Execution Vulnerability
2021-11-03 00:00:00
kaspersky
kaspersky
KLA11101 Arbitrary code execution vulnerability in Microsoft .NET Framework
2017-09-12 00:00:00
cert
cert
prion
prion
Remote code execution
2017-09-13 01:29:00
zdt
zdt
Microsoft Windows .NET Framework - Remote Code Execution 0day Exploit
2017-09-13 00:00:00
msrc
msrc
CVE-2017-8759 のエクスプロイトの検出と無効化
2017-09-27 07:00:00
attackerkb
attackerkb
CVE-2017-8759
2017-09-13 00:00:00
packetstorm
packetstorm
Microsoft .NET Framework Remote Code Execution
2017-09-14 00:00:00
mscve
mscve
.NET Framework Remote Code Execution Vulnerability
2017-09-12 07:00:00
exploitpack
exploitpack
Microsoft Windows .NET Framework - Remote Code Execution
2017-09-13 00:00:00
mssecure
mssecure
exploitdb
exploitdb
Microsoft Windows .NET Framework - Remote Code Execution
2017-09-13 00:00:00
threatpost
threatpost
Attackers Use Microsoft Office Vulnerabilities to Spread Zyklon Malware
2018-01-17 18:26:01
Adobe Patches Flash Zero Day Exploited by Black Oasis APT
2017-10-16 11:46:13
Microsoft Patches .NET Zero Day Vulnerability in September Update
2017-09-12 15:59:40
thn
thn
Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware
2018-01-17 07:25:00
Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
2017-10-16 04:52:00
Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware
2017-09-13 00:09:00
fireeye
fireeye
securelist
securelist
Threat Landscape for Industrial Automation Systems in H2 2017
2018-03-26 10:00:27
IT threat evolution Q3 2017. Statistics
2017-11-10 10:45:04
BlackOasis APT and new targeted attacks leveraging zero-day exploit
2017-10-16 14:28:47
krebs
krebs
Adobe, Microsoft Plug Critical Security Holes
2017-09-13 16:42:30
seebug
seebug
malwarebytes
malwarebytes
PSA: New Microsoft Word 0day used in the wild
2017-09-13 22:49:19
Decoy Microsoft Word document delivers malware through a RAT
2017-10-13 15:00:41
canvas
canvas
Immunity Canvas: OFFICE_WSDL
2017-09-13 01:29:00
qualysblog
qualysblog
September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches
2017-09-12 18:23:49
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00