Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:800861
HistoryAug 07, 2009 - 12:00 a.m.

Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability

2009-08-0700:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
10

EPSS

0.018

Percentile

88.1%

JSON

This host has Internet Explorer installed and is prone to Denial
of Service vulnerability.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms_ie_findtext_dos_vuln_aug09.nasl 6527 2017-07-05 05:56:34Z cfischer $
#
# Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
#
# Authors:
# Sharath S <[email protected]>
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow remote attackers to cause
the application to crash.

Impact Level: Application";

tag_affected = "Microsoft, Internet Explorer version 7.x/8.x";

tag_insight = "The flaw is due to error in mshtml.dll file and it can causes
while calling the JavaScript findText method with a crafted Unicode string in
the first argument, and only one additional argument, as demonstrated by a
second argument of -1.";

tag_solution = "No solution or patch was made available for at least one year
since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective
features, remove the product or replace the product by another one.";

tag_summary = "This host has Internet Explorer installed and is prone to Denial
of Service vulnerability.";

if(description)
{
  script_id(800861);
  script_version("$Revision: 6527 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-05 07:56:34 +0200 (Wed, 05 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-08-07 07:29:21 +0200 (Fri, 07 Aug 2009)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_cve_id("CVE-2009-2655");
  script_bugtraq_id(35799);
  script_name("Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability");
  script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/9253");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"executable_version");
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_mandatory_keys("MS/IE/Version", "SMB/WinXP/ServicePack");
  script_require_ports(139, 445);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}


include("smb_nt.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

# Check for XP SP3
SP = get_kb_item("SMB/WinXP/ServicePack");
if("Service Pack 3" >< SP)
{
  # Get for Internet Explorer Version
  ieVer = get_kb_item("MS/IE/Version");
  # Check for IE 7/8
  if(ieVer =~ "^[7|8]\..*")
  {
    dllPath = registry_get_sz(item:"Install Path",
                              key:"SOFTWARE\Microsoft\COM3\Setup");
    dllPath += "\mshtml.dll";
    share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
    file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);

    # Get for mshtml.dll Version
    mshtmlVer = GetVer(file:file, share:share);
    if(isnull(mshtmlVer))
      exit(0);

    # Check for DLL version 7.0 <= 7.0.6000.16890 or 8.0 <= 8.0.6001.18812
    if(version_in_range(version:mshtmlVer, test_version:"7.0",
                                          test_version2:"7.0.6000.16890")||
       version_in_range(version:mshtmlVer, test_version:"8.0",
                                          test_version2:"8.0.6001.18812")){
      security_message(0);
    }
  }
}

Related

prion 1
openvas 1
cvelist 1
checkpoint_advisories 1
cve 1
exploitdb 1
nvd 1
prion
prion
Code injection
2009-08-03 14:30:00
openvas
openvas
Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability
2009-08-07 00:00:00
cvelist
cvelist
CVE-2009-2655
2009-08-03 14:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer findText Unicode Parsing Denial of Service (CVE-2009-2655)
2011-01-19 00:00:00
cve
cve
CVE-2009-2655
2009-08-03 14:30:00
exploitdb
exploitdb
Microsoft Internet Explorer 7/8 - findText Unicode Parsing Crash
2009-07-24 00:00:00
nvd
nvd
CVE-2009-2655
2009-08-03 14:30:00

EPSS

0.018

Percentile

88.1%

JSON
Related for OPENVAS:800861
prion1openvas1cvelist1checkpoint_advisories1cve1exploitdb1nvd1