Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms12-002.nasl 5341 2017-02-18 16:59:12Z cfi $
#
# Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright:
# Copyright (c) 2012 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation could allow attackers to execute arbitrary code with
  the privileges of the user running the affected application. Failed exploit
  attempts will result in a denial-of-service condition.
  Impact Level: System";
tag_affected = "Windows Windows XP Service Pack 3 and prior.
  Microsoft Windows 2003 Service Pack 2 and prior.";
tag_insight = "The flaw is due to the way that Windows registers and uses Windows
  Object Packager. This can be exploited to load an executable file
  (packager.exe) in an insecure manner by tricking a user into opening a
  Publisher file '.pub' containing an embedded packaged object located on a
  remote WebDAV or SMB share.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link,
  http://technet.microsoft.com/en-us/security/bulletin/ms12-002";
tag_summary = "This host is missing an important security update according to
  Microsoft Bulletin MS12-002.";

if(description)
{
  script_id(902784);
  script_version("$Revision: 5341 $");
  script_bugtraq_id(51297);
  script_cve_id("CVE-2012-0009");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-02-18 17:59:12 +0100 (Sat, 18 Feb 2017) $");
  script_tag(name:"creation_date", value:"2012-01-11 10:54:36 +0530 (Wed, 11 Jan 2012)");
  script_name("Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/45189/");
  script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1026494");
  script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/bulletin/ms12-002");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 SecPod");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");

  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("secpod_reg.inc");

## Check for OS and Service Pack
if(hotfix_check_sp(xp:4, win2003:3) <= 0){
  exit(0);
}

## MS12-002 Hotfix 2603381
## File information is not available
## Checking for hotfix only
if(hotfix_missing(name:"2603381") == 1){
  security_message(0);
}