Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 SecPodOPENVAS:902377
HistoryJun 15, 2011 - 12:00 a.m.

Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)

2011-06-1500:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
10

0.536 Medium

EPSS

Percentile

97.3%

JSON

This host is missing a critical security update according to
Microsoft Bulletin MS11-038.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms11-038.nasl 5362 2017-02-20 12:46:39Z cfi $
#
# Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow attackers to execute arbitrary code in the
  context of the user running the application, which can compromise the
  application and possibly the computer.
  Impact Level: System/Application";
tag_affected = "Microsoft Windows 7 Service Pack 1 and prior
  Microsoft Windows XP Service Pack 3 and prior
  Microsoft Windows 2K3 Service Pack 2 and prior
  Microsoft Windows Vista Service Pack 2 and prior
  Microsoft Windows Server 2008 Service Pack 2 and prior";
tag_insight = "The flaw is due to an error in Object Linking and Embedding (OLE)
  Automation (oleaut32.dll) when parsing a Windows Metafile (WMF) images.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link,
  http://www.microsoft.com/technet/security/bulletin/MS11-038.mspx";
tag_summary = "This host is missing a critical security update according to
  Microsoft Bulletin MS11-038.";

if(description)
{
  script_id(902377);
  script_version("$Revision: 5362 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-20 13:46:39 +0100 (Mon, 20 Feb 2017) $");
  script_tag(name:"creation_date", value:"2011-06-15 15:55:00 +0200 (Wed, 15 Jun 2011)");
  script_cve_id("CVE-2011-0658");
  script_bugtraq_id(48174);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/44733/");
  script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2476490");
  script_xref(name : "URL" , value : "http://www.microsoft.com/technet/security/bulletin/MS11-037.mspx");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

## Check for OS and Service Pack
if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
  exit(0);
}

## MS11-038 Hotfix
if((hotfix_missing(name:"2476490") == 0)){
  exit(0);
}

## Get System Path
sysPath = smb_get_systemroot();
if(!sysPath ){
  exit(0);
}

## Get 'Oleaut32.dll' file Version 
dllVer = fetch_file_version(sysPath, file_name:"system32\Oleaut32.dll");
if(!dllVer){
  exit(0);
}

## Windows XP
if(hotfix_check_sp(xp:4) > 0)
{
  SP = get_kb_item("SMB/WinXP/ServicePack");
  if("Service Pack 3" >< SP)
  {
    ## Check for Oleaut32.dll version
    if(version_is_less(version:dllVer, test_version:"5.1.2600.6058")){
      security_message(0);
    }
    exit(0);
  }
  security_message(0);
}

## Windows 2003
else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 2" >< SP)
  {
    ## Check for Oleaut32.dll version
    if(version_is_less(version:dllVer, test_version:"5.2.3790.4807")){
      security_message(0);
    }
   exit(0);
  }
  security_message(0);
}

## Windows Vista and Windows Server 2008
else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
{
  SP = get_kb_item("SMB/WinVista/ServicePack");

  if(!SP) {
    SP = get_kb_item("SMB/Win2008/ServicePack");
  }

  if("Service Pack 1" >< SP)
  {
    ## Check for Oleaut32.dll version
    if(version_in_range(version:dllVer, test_version:"6.0.6001.18000", test_version2:"6.0.6001.18564")||
       version_in_range(version:dllVer, test_version:"6.0.6001.22000", test_version2:"6.0.6001.22815")){
      security_message(0);
    }
    exit(0);
  }

  if("Service Pack 2" >< SP)
  {
    ## Check for Oleaut32.dll version
    if(version_in_range(version:dllVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18356")||
       version_in_range(version:dllVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22550")){
      security_message(0);
    }
    exit(0);
  }
  security_message(0);
}

## Windows 7
else if(hotfix_check_sp(win7:2) > 0)
{
  ## Check for Oleaut32.dll version
  if(version_is_less(version:dllVer, test_version:"6.1.7600.16722")||
     version_in_range(version:dllVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20860")||
     version_in_range(version:dllVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17566")||
     version_in_range(version:dllVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21668")){
    security_message(0);
  }
}

Related

cve 1
openvas 1
securityvulns 2
checkpoint_advisories 1
nessus 1
prion 1
seebug 1
cve
cve
CVE-2011-0658
2011-06-16 20:55:00
openvas
openvas
Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
2011-06-15 00:00:00
securityvulns
securityvulns
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability &#40;MS11-038&#41;
2011-06-19 00:00:00
Microsoft Windows multiple security vulnerabilities
2011-06-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows OLEAUT32.DLL WMF File Remote Code Excution (MS11-038; CVE-2011-0658)
2011-06-14 00:00:00
nessus
nessus
MS11-038: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
2011-06-15 00:00:00
prion
prion
Integer overflow
2011-06-16 20:55:00
seebug
seebug
Microsoft对象链接和嵌入(OLE)自动化WMF文件远程代码执行漏洞
2011-06-16 00:00:00

0.536 Medium

EPSS

Percentile

97.3%

JSON
Related for OPENVAS:902377
cve1openvas1securityvulns2checkpoint_advisories1nessus1prion1seebug1