Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone Networks GmbHOPENVAS:801488
HistoryJan 10, 2011 - 12:00 a.m.

Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

2011-01-1000:00:00
Copyright (C) 2011 Greenbone Networks GmbH
plugins.openvas.org
4

0.73 High

EPSS

Percentile

97.8%

JSON

This host is missing a critical security update according to
Microsoft Bulletin MS08-024.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms08-024.nasl 6526 2017-07-05 05:43:52Z cfischer $
#
# Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_id(801488);
  script_version("$Revision: 6526 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-05 07:43:52 +0200 (Wed, 05 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-01-10 14:22:58 +0100 (Mon, 10 Jan 2011)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2008-1085");
  script_bugtraq_id(28552);
  script_name("Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/27707");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2008/1148/references");
  script_xref(name : "URL" , value : "http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx");

  script_tag(name:"qod_type", value:"executable_version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_mandatory_keys("MS/IE/Version");
  script_require_ports(139, 445);

  script_tag(name : "impact" , value : "Successful exploitation will allow attacker to execute arbitrary code with
  the privileges of the application. Failed attacks may cause denial-of-service
  conditions.
  Impact Level: System/Application");
  script_tag(name : "affected" , value : "Microsoft Internet Explorer version 5.x/6.x/7.x");
  script_tag(name : "insight" , value : "The flaw is due to a memory corruption error in Internet Explorer when
  processing specially crafted data streams.");
  script_tag(name : "solution" , value : "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link,
  http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx");
  script_tag(name : "summary" , value : "This host is missing a critical security update according to
  Microsoft Bulletin MS08-024.");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(xp:4, win2k:5, win2003:3, winVista:2, win2008:2) <= 0){
  exit(0);
}

ieVer = get_kb_item("MS/IE/Version");
if(!ieVer){
  exit(0);
}

# MS08-024 Hotfix (947864)
if(hotfix_missing(name:"947864") == 0){
    exit(0);
}

## Get System32 path
sysPath = smb_get_system32root();
if(sysPath)
{
  vers = fetch_file_version(sysPath, file_name:"mshtml.dll");
  if(vers)
  {
    if(hotfix_check_sp(win2k:5) > 0)
    {
      # Check for mshtml.dll version 5.0 < 5.0.3862.1500, 6.0 < 6.0.2800.1609
      if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3862.1499") ||
         version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1608")){
         security_message(0);
      }
      exit(0);
    }

    else if(hotfix_check_sp(xp:4) > 0)
    {
      SP = get_kb_item("SMB/WinXP/ServicePack");
      if("Service Pack 2" >< SP)
      {
        # Check for mshtml.dll version 6.0 < 6.0.2900.3314, 7.0 < 7.0.6000.16640
        if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3313") ||
           version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16639")){
          security_message(0);
        }
        exit(0);
      }
    }

    else if(hotfix_check_sp(win2003:3) > 0)
    {
      SP = get_kb_item("SMB/Win2003/ServicePack");
      if("Service Pack 1" >< SP)
      {
        # Check for mshtml.dll version 6.0 < 6.0.3790.3091
        if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.3090")){
          security_message(0);
        }
        exit(0);
      }

      if("Service Pack 2" >< SP)
      {
        # Check for mshtml.dll version 6.0 < 6.0.3790.4237, 7.0 < 7.0.6000.16640
        if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4236") ||
           version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16639")){
          security_message(0);
        }
        exit(0);
      }
    }
  }
}

## Get System Path
sysPath = smb_get_system32root();
if(!sysPath){
  exit(0);
}

dllVer = fetch_file_version(sysPath, file_name:"mshtml.dll");
if(dllVer)
{
  # Windows Vista
  if(hotfix_check_sp(winVista:3) > 0)
  {
    SP = get_kb_item("SMB/WinVista/ServicePack");
    if("Service Pack 1" >< SP)
    {
      # Grep for mshtml.dll version
      if(version_in_range(version:dllVer, test_version:"7.0", test_version2:"7.0.6001.18022")){
        security_message(0);
      }
      exit(0);
    }
  }

  # Windows Server 2008
  else if(hotfix_check_sp(win2008:3) > 0)
  {
    SP = get_kb_item("SMB/Win2008/ServicePack");
    if("Service Pack 1" >< SP)
    {
      # Grep for mshtml.dll version
      if(version_in_range(version:dllVer, test_version:"7.0", test_version2:"7.0.6001.18022")){
         security_message(0);
      }
      exit(0);
    }
  }
}

Related

checkpoint_advisories 1
seebug 2
mskb 1
securityvulns 3
prion 1
nessus 1
cve 1
openvas 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer Data Stream Handling Memory Corruption (MS08-024; CVE-2008-1085)
2009-10-04 00:00:00
seebug
seebug
Microsoft Windows DNS客户端可预测事件处理ID漏洞(MS08-020)
2008-04-10 00:00:00
Microsoft IE数据流处理远程代码执行漏洞(MS08-024)
2008-04-10 00:00:00
mskb
mskb
MS08-024: Cumulative security update for Internet Explorer
2018-04-17 20:27:56
securityvulns
securityvulns
Microsoft Security Bulletin MS08-024 - Critical Cumulative Security Update for Internet Explorer &#40;947864&#41;
2008-04-08 00:00:00
Secunia Research: Internet Explorer Data Stream Handling Vulnerability
2008-04-15 00:00:00
Microsoft Internet Explorer memory corruption
2008-04-15 00:00:00
prion
prion
Design/Logic Flaw
2008-04-08 23:05:00
nessus
nessus
MS08-024: Cumulative Security Update for Internet Explorer (947864)
2008-04-08 00:00:00
cve
cve
CVE-2008-1085
2008-04-08 23:05:00
openvas
openvas
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
2011-01-10 00:00:00

0.73 High

EPSS

Percentile

97.8%

JSON
Related for OPENVAS:801488
checkpoint_advisories1seebug2mskb1securityvulns3prion1nessus1cve1openvas1