Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
2013-01-09T00:00:00
ID OPENVAS:902940 Type openvas Reporter Copyright (C) 2013 SecPod Modified 2017-02-20T00:00:00
Description
This host is missing an important security update according to
Microsoft Bulletin MS13-004.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $
#
# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (c) 2013 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will allow an attacker to execute arbitrary code
and cause a DoS (Denial of Service).
Impact Level: System/Application";
tag_affected = "Microsoft .NET Framework 3.5, 3.5.1 and 4";
tag_insight = "The flaw is due to an error within the WCF 'Replace()' function when handling
Open Data Protocol (OData) data and can be exploited to exhaust system
resources.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-007";
tag_summary = "This host is missing an important security update according to
Microsoft Bulletin MS13-004.";
if(description)
{
script_id(902940);
script_version("$Revision: 5365 $");
script_cve_id("CVE-2013-0005");
script_bugtraq_id(57141);
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"last_modification", value:"$Date: 2017-02-20 14:46:09 +0100 (Mon, 20 Feb 2017) $");
script_tag(name:"creation_date", value:"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)");
script_name("Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)");
script_xref(name : "URL" , value : "http://secunia.com/advisories/51772/");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736416");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736428");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736418");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736422");
script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/bulletin/ms13-007");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 SecPod");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_reg_enum.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/WindowsVersion");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
## Variables Initialization
key = "";
item = "";
path = "";
dllVer = "";
## Check for OS and Service Pack
if(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,
win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){
exit(0);
}
## Confirm .NET
key = "SOFTWARE\Microsoft\ASP.NET\";
if(registry_key_exists(key:key))
{
## Try to Get Version
foreach item (registry_enum_keys(key:key))
{
path = registry_get_sz(key:key + item, item:"Path");
if(path && "\Microsoft.NET\Framework" >< path)
{
## Get version from System.dll file
dllVer = fetch_file_version(sysPath:path, file_name:"System.Data.Services.dll");
if(dllVer)
{
## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,
## Windows 7 and and Windows Server 2008 R2
if(version_in_range(version:dllVer, test_version:"4.0.30319.100", test_version2:"4.0.30319.296")||
version_in_range(version:dllVer, test_version:"4.0.30319.500", test_version2:"4.0.30319.586"))
{
security_message(0);
exit(0);
}
}
}
}
}
## Get .NET Framework 3.0 Service Pack 2 Version
key = "SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.5";
if(registry_key_exists(key:key))
{
path = registry_get_sz(key:key, item:"All Assemblies In");
if(path){
dllv3 = fetch_file_version(sysPath:path, file_name:"System.Data.Services.dll");
}
}
if(!dllv3){
exit(0);
}
## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,
## Windows Vista, and Windows Server 2008
if((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&
(version_in_range(version:dllv3, test_version:"3.5.30729.4000", test_version2:"3.5.30729.4038")||
version_in_range(version:dllv3, test_version:"3.5.30729.5000", test_version2:"3.5.30729.5850")))
{
security_message(0);
exit(0);
}
## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&
(version_in_range(version:dllv3, test_version:"3.5.30729.5000", test_version2:"3.5.30729.5005")||
version_in_range(version:dllv3, test_version:"3.5.30729.5800", test_version2:"3.5.30729.5830")||
version_in_range(version:dllv3, test_version:"3.5.30729.5400", test_version2:"3.5.30729.5450")))
{
security_message(0);
exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 1, "naslFamily": "Windows : Microsoft Bulletins", "reporter": "Copyright (C) 2013 SecPod", "references": ["http://secunia.com/advisories/51772/", "http://support.microsoft.com/kb/2736418", "http://technet.microsoft.com/en-us/security/bulletin/ms13-007", "http://support.microsoft.com/kb/2736428", "http://support.microsoft.com/kb/2736422", "http://support.microsoft.com/kb/2736416"], "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "4df8ca40382012dbcaa71b491fc5aa17"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "6ce2784f4d0bd1ee3cba22e53aa53142"}, {"key": "href", "hash": "79ebec2c642275295d17d3b3c26adb4a"}, {"key": "modified", "hash": "c2eea933d97966be19ceab275cbda399"}, {"key": "naslFamily", "hash": "c9898bc973bfffca5119f1a3bfa73a8d"}, {"key": "pluginID", "hash": "5ff5e6c9b54d62d075de1f28a726d3ef"}, {"key": "published", "hash": "1fab6a3ea377099125ae6a26bc645d40"}, {"key": "references", "hash": "d6827502bb99c754ac725ea98565bc6d"}, {"key": "reporter", "hash": "487ccde933a3e5727ddaae379a55a850"}, {"key": "sourceData", "hash": "18e0bbafd68839c98bde74cba2709931"}, {"key": "title", "hash": "1503a44a0b70d37c02c31a79f3a945fb"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=902940", "modified": "2017-02-20T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2017-07-02T21:11:13"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0005"]}, {"type": "symantec", "idList": ["SMNTC-57141"]}, {"type": "nessus", "idList": ["SMB_NT_MS13-007.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902940"]}, {"type": "mskb", "idList": ["KB2769327"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12817"]}], "modified": "2017-07-02T21:11:13"}, "vulnersScore": 7.3}, "id": "OPENVAS:902940", "title": "Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)", "hash": "56e1d8d63374f84c04447a7096480e3c655a63633101e3464f7a78458832bacd", "edition": 1, "published": "2013-01-09T00:00:00", "type": "openvas", "history": [], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "cvelist": ["CVE-2013-0005"], "lastseen": "2017-07-02T21:11:13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $\n#\n# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow an attacker to execute arbitrary code\n and cause a DoS (Denial of Service).\n Impact Level: System/Application\";\n\ntag_affected = \"Microsoft .NET Framework 3.5, 3.5.1 and 4\";\ntag_insight = \"The flaw is due to an error within the WCF 'Replace()' function when handling\n Open Data Protocol (OData) data and can be exploited to exhaust system\n resources.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms13-007\";\ntag_summary = \"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\";\n\nif(description)\n{\n script_id(902940);\n script_version(\"$Revision: 5365 $\");\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 14:46:09 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51772/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736416\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736428\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736418\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736422\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nkey = \"\";\nitem = \"\";\npath = \"\";\ndllVer = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\n## Confirm .NET\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(registry_key_exists(key:key))\n{\n ## Try to Get Version\n foreach item (registry_enum_keys(key:key))\n {\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n ## Get version from System.dll file\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.100\", test_version2:\"4.0.30319.296\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.586\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n }\n}\n\n## Get .NET Framework 3.0 Service Pack 2 Version\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.5\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n }\n}\n\nif(!dllv3){\n exit(0);\n}\n\n## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,\n## Windows Vista, and Windows Server 2008\nif((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.4000\", test_version2:\"3.5.30729.4038\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5850\")))\n{\n security_message(0);\n exit(0);\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5005\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5800\", test_version2:\"3.5.30729.5830\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5400\", test_version2:\"3.5.30729.5450\")))\n{\n security_message(0);\n exit(0);\n}\n", "pluginID": "902940"}
{"cve": [{"lastseen": "2019-05-29T18:12:59", "bulletinFamily": "NVD", "description": "The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka \"Replace Denial of Service Vulnerability.\"", "modified": "2019-02-26T14:04:00", "id": "CVE-2013-0005", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0005", "published": "2013-01-09T18:09:00", "title": "CVE-2013-0005", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "symantec": [{"lastseen": "2018-03-11T18:48:56", "bulletinFamily": "software", "description": "### Description\n\nThe Microsoft OData specification is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft Management OData IIS Extension \n * Microsoft Windows 7 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for 64-bit Systems \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 R2 Itanium \n * Microsoft Windows Server 2008 R2 Itanium SP1 \n * Microsoft Windows Server 2008 R2 x64 \n * Microsoft Windows Server 2008 R2 x64 SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n * Microsoft Windows XP Professional x64 Edition SP2 \n * Microsoft Windows XP Service Pack 3 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nThe vendor has released an advisory and fixes. Please see the references for details.\n", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "SMNTC-57141", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/57141", "type": "symantec", "title": "Microsoft OData CVE-2013-0005 Denial of Service Vulnerability", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-03T12:15:46", "bulletinFamily": "scanner", "description": "The remote Windows host is running a version of the Microsoft .NET\nFramework that is affected by a denial of service vulnerability in the\nOpen Data (OData) protocol. An unauthenticated attacker could exploit\nthis vulnerability by sending a specially crafted HTTP request to the\naffected site.", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS13-007.NASL", "href": "https://www.tenable.com/plugins/nessus/63425", "published": "2013-01-09T00:00:00", "title": "MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(63425);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/06/10 11:30:32\");\n\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_xref(name:\"MSFT\", value:\"MS13-007\");\n script_xref(name:\"MSKB\", value:\"2736416\");\n script_xref(name:\"MSKB\", value:\"2736418\");\n script_xref(name:\"MSKB\", value:\"2736422\");\n script_xref(name:\"MSKB\", value:\"2736428\");\n script_xref(name:\"MSKB\", value:\"2736693\");\n script_xref(name:\"MSKB\", value:\"2753596\");\n script_xref(name:\"IAVB\", value:\"2013-B-0001\");\n\n script_name(english:\"MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)\");\n script_summary(english:\"Checks file versions\");\n\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The version of the .NET Framework installed on the remote host is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Windows host is running a version of the Microsoft .NET\nFramework that is affected by a denial of service vulnerability in the\nOpen Data (OData) protocol. An unauthenticated attacker could exploit\nthis vulnerability by sending a specially crafted HTTP request to the\naffected site.\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-007\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f2f74a7\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for the .NET Framework on\nWindows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0005\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS13-007';\nkbs = make_list(\n '2736416',\n '2736418',\n '2736422',\n '2736428',\n '2736693',\n '2753596'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nwinver = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\"Windows Embedded\" >< productname) exit(0, \"The host is running \"+productname+\" and hence is not affected.\");\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = 0;\n\n########## KB2736428 ###########\n# .NET Framework 4.0 #\n# Windows XP SP3, #\n# Windows XP SP2 x64, #\n# Windows 2003 SP2, #\n# Windows Vista SP2, #\n# Windows 7, #\n# Windows Server 2008 SP2, #\n# Windows Server 2008 R2 #\n################################\nif (\n# Windows XP SP3\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows XP SP2 x64 / Server 2003 SP2\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows Vista SP2 / Server 2008 SP2\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\")\n) vuln++;\n\n########## KB2736418 ###########\n# .NET Framework 3.5.1 #\n# Windows 7, #\n# Server 2008 R2 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5006\", min_version:\"3.5.30729.4600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736418\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5831\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736418\")\n) vuln++;\n\n########## KB2736422 ###########\n# .NET Framework 3.5.1 #\n# Windows 7 SP1, #\n# Server 2008 R2 SP1 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5451\", min_version:\"3.5.30729.5000\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736422\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5831\", min_version:\"3.5.30729.5500\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736422\")\n) vuln++;\n\n########## KB2736693 ###########\n# .NET Framework 3.5 #\n# Windows 8, #\n# Server 2012 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.6400\", min_version:\"3.5.30729.6000\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736693\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.7004\", min_version:\"3.5.30729.6600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736693\")\n) vuln++;\n\n########## KB2736416 ###########\n# .NET Framework 3.5 SP1 #\n# Windows XP SP3, #\n# Windows XP SP2 x64, #\n# Windows 2003 SP2, #\n# Windows Vista SP2, #\n# Windows Server 2008 SP2, #\n################################\nif (\n# Windows XP SP3\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n# Windows XP SP2 x64 / Server 2003 SP2\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n# Windows Vista SP2 / Server 2008 SP2\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ) vuln++;\n\n########## KB2753596 ###########\n# OData IIS Extension #\n# Windows Server 2012 #\n################################\nif(winver == '6.2')\n{\n hotfix_check_fversion_end();\n registry_init();\n val = NULL;\n odata_installed = FALSE;\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE);\n if(!isnull(hklm))\n {\n key = \"SOFTWARE\\Microsoft\\.NETFramework\\Fusion\\References\";\n dotNetKeys = get_registry_subkeys(handle:hklm, key:key);\n RegCloseKey(handle:hklm);\n foreach subkey (dotNetKeys)\n {\n if(subkey =~ \"^Microsoft\\.Management\\.Odata\\.Resources\")\n {\n odata_installed = TRUE;\n break;\n }\n }\n }\n\n if(odata_installed)\n {\n close_registry(close:FALSE);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n winsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:rootfile);\n patched = FALSE;\n files = list_dir(basedir:winsxs, level:0, dir_pat:'msil_microsoft.management.odata', file_pat:'^Microsoft\\\\.Management\\\\.OData\\\\.dll', max_recurse:1);\n\n vuln += hotfix_check_winsxs(os:'6.2', files:files, versions:make_list('6.2.9200.18975', '6.2.9200.23261'), max_versions:make_list('6.2.9200.20000', '6.2.9200.99999'), bulletin:bulletin, kb:'2753596');\n }\n else close_registry();\n}\n\nif(vuln > 0)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "mskb": [{"lastseen": "2019-08-22T18:25:53", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves a vulnerability in the Open Data Protocol (OData) services in the .NET Framework that could allow a Denial of Service (application).</p><h2></h2><div class=\"kb-notice-section section\"><br/><a bookmark-id=\"appliestoproducts\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a><span></span></div><h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released the security bulletin MS13-007. You can view the complete security bulletin by going to one of the following Microsoft websites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201301.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201301.aspx</a></li><li>IT professionals:<br/><a href=\"http://technet.microsoft.com/security/bulletin/ms13-007\" id=\"kb-link-2\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-007</a></li></ul></div><h2></h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-3\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-4\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-5\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-6\" target=\"_self\">International Support</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Known issues and additional information about this update</h4>The default <span class=\"text-base\">Replace </span>canonical function could allow for a denial of service attack. Therefore, this security update disables the <span class=\"text-base\">Replace </span>canonical function. We recommend that you leave this functionality disabled unless other mitigations are used. For example, using authenticated access to the service or using a provider that is not vulnerable to nested <span class=\"text-base\">Replace </span>as an attack vector may reduce the risk of a denial of service attack. If you use other mitigations, you can restore <span class=\"text-base\">Replace </span>functionality by setting enable=\"true\" in a configuration file, as shown in the following XML code example. It can also be restored in service code by setting the enable property to true in the\u00a0<a href=\"http://msdn.microsoft.com/en-us/library/system.data.services.configuration.dataservicesreplacefunctionfeature.aspx\" id=\"kb-link-7\" target=\"_self\">DataServicesReplaceFunctionFeature</a> class.<br/><div class=\"sbody-code\"><pre><code><?xml version=\"1.0\" encoding=\"utf-8\"?><br/><configuration><br/> <configSections><br/> <sectionGroup name=\"wcfDataServices\" type=\"System.Data.Services.Configuration.DataServicesSectionGroup\"><br/> <section name=\"features\" type=\"System.Data.Services.Configuration.DataServicesFeaturesSection\" /><br/> </sectionGroup><br/> </configSections> <br/> <wcfDataServices><br/> <features><br/> <replaceFunction enable=\"true\" /><br/> </features><br/> </wcfDataServices><br/></configuration><br/></code></pre></div><br/><br/>The following articles contain additional information about this update as it relates to individual product versions. The articles may contain information that is specific to the individual updates such as download URL, prerequisites, and command-line switches.<br/><br/><br/><h5 class=\"sbody-h5 text-subtitle\">Microsoft .NET Framework 4</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2736428\" id=\"kb-link-8\">2736428 </a>\u00a0MS13-007: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: January 8, 2013</li></ul><br/><h5 class=\"sbody-h5 text-subtitle\">Microsoft .NET Framework 3.5.1</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2736422\" id=\"kb-link-9\">2736422 </a> MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: January 8, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2736418\" id=\"kb-link-10\">2736418 </a> MS13-007: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: January 8, 2013</li></ul><br/><h5 class=\"sbody-h5 text-subtitle\">Microsoft .NET Framework 3.5</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2736693\" id=\"kb-link-11\">2736693 </a> MS13-007: Description of the security update for the .NET Framework 3.5 on Windows 8, Windows RT, and Windows Server 2012: January 8, 2013</li></ul><h5 class=\"sbody-h5 text-subtitle\">Microsoft .NET Framework 3.5 Service Pack 1</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2736416\" id=\"kb-link-12\">2736416 </a>\u00a0MS13-007: Description of the security update for the .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008: January 8, 2013</li></ul><h5 class=\"sbody-h5 text-subtitle\">Microsoft Management OData IIS Extension</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2753596\" id=\"kb-link-13\">2753596 </a> MS13-007: Description of the security update for the Management OData IIS Extension on Windows Server 2012: January 8, 2013</li></ul><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP35SP1-KB2736416-IA64.exe</td><td class=\"sbody-td\">CF3BEE8AFC2555D381800B628A3DCC01EC4E685C</td><td class=\"sbody-td\">24CC439999EBB612F37D30127D81B9D625B1EE3C7080970D44BF38DF05755F2C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP35SP1-KB2736416-x64.exe</td><td class=\"sbody-td\">D1D9B33957BBA14E31988DFDAF4F5D3B13F37943</td><td class=\"sbody-td\">19C4E28FB8A57201F21A73E3CA36749E6ACC89D736E58DD0110745C243C710CF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP35SP1-KB2736416-x86.exe</td><td class=\"sbody-td\">93368F49226C00B8DDB32723196DDFBB275C8765</td><td class=\"sbody-td\">7CB7576F5512EEFA0D86C3E0B2F957199A7B8EF87C3CBACAEF03F7E5640DEB9F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB2736428-IA64.exe</td><td class=\"sbody-td\">4012210984C452D0274CB36BBDAD97A320166EFA</td><td class=\"sbody-td\">40B51ED358CAC83E02D9DB202DD3F4844BC8719DC8E4A4101AF3406CA328FB92</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB2736428-x64.exe</td><td class=\"sbody-td\">F5F126738673AE9764D03FE42FEEEA68F1EDECE2</td><td class=\"sbody-td\">C42871B7CF1EFA48743357FCBE24341B55D3819D394DC262AD483DD75DC9D705</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">NDP40-KB2736428-x86.exe</td><td class=\"sbody-td\">69A15697F7C9C976B933BD46869C895E9A1B0356</td><td class=\"sbody-td\">4C250204646ED8CF3BC2F24C4FD9177D0F41F8AD43504F497E4AAC0DB04F8EE0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736418-ia64.msu</td><td class=\"sbody-td\">D6F17DCDEC64753B932C796BA9E39CF7FBC34B6D</td><td class=\"sbody-td\">A796299F9E7ECC98738211F8669C1FDCB496DF340FF00EBF13EA136C7B1D6943</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736418-x64.msu</td><td class=\"sbody-td\">7DD6936DD2CF338DB1AE2EDFEA8FBAC6D089C484</td><td class=\"sbody-td\">B663BE83A5B429F6DA9221AEE8E80A0C7E2353F5182BD042B62713CB3108E3C4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736418-x86.msu</td><td class=\"sbody-td\">014BEBBAA5E33345456B8C4583040333673BD3E3</td><td class=\"sbody-td\">ACC5DD40C3B00628A5B5F4E66CF810CC3D6AACF4C17D58B6BB9E36527D004DC1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736422-ia64.msu</td><td class=\"sbody-td\">AA0D30E6C0C2495A61AF74D0AFCB0AD432810EA9</td><td class=\"sbody-td\">83BDFDA8FC1AF4B9407CE3DF89A11D3B1CA9043FA2D0B0C36C5A769ABD32E540</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736422-x64.msu</td><td class=\"sbody-td\">8012D0310C4E3A74FBB64EA25D7F6050EC019201</td><td class=\"sbody-td\">0D992E873F7BE6D52F8A8FC53716FCBCB9E38B4E1C3D9EC4497112741FA97C60</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB2736422-x86.msu</td><td class=\"sbody-td\">A7853ADD16B14609C9B34348B52878B15EB9410F</td><td class=\"sbody-td\">AA85481D1FD59E56D46FE86127456A56A945956CEB3DF110A6A9B77C765216BA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB2736693-x64.msu</td><td class=\"sbody-td\">FA7526CC57DB70D12FFFD587A6AC1F7C26F04098</td><td class=\"sbody-td\">74069778B8CDFF51D34D441D59FB2EAE6EF22EBE9AC0CCD5CD26B753C7DE789A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB2736693-x86.msu</td><td class=\"sbody-td\">A35F02E2579F7038C013BE7A633A0207C6ADAA4C</td><td class=\"sbody-td\">C6ABCDB241A7C4372F107A0CD5216A4ED1B3A4DE19D9F4EDA6AE60AE589F38C5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB2753596-x64.msu</td><td class=\"sbody-td\">458C4B5E42FF52653F3DB60EEB2AD2A3D18B8962</td><td class=\"sbody-td\">09883673056652E84DB240DC487937A1DFF7E8E27F1EAFF5FC9FBD3342AE3543</td></tr></table></div></div><br/></span></div></div></div></div><h2></h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Update replacement information</h4>Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.</div><h2></h2><div class=\"kb-notice-section section\"><a class=\"bookmark\" id=\"appliestoproducts\"></a><br/><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Applies to</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">This article applies to the following:<br/><ul class=\"sbody-free_list\"><li>Microsoft .NET Framework 4 when used with:<br/><ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 3.5.1 when used with:<br/><ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.5 Service Pack 1 when used with:<br/><ul class=\"sbody-free_list\"><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2 </li></ul></li><li>Microsoft .NET Framework 3.5 when used with:<br/><ul class=\"sbody-free_list\"><li>Windows 8</li><li>Windows RT</li><li>Windows Server 2012</li></ul></li></ul></div><br/></span></div></div></div></div></body></html>", "modified": "2013-01-08T17:42:02", "id": "KB2769327", "href": "https://support.microsoft.com/en-us/help/2769327/", "published": "2017-01-07T21:39:06", "title": "MS13-007: Vulnerability in Open Data Protocol could allow denial of service: January 8, 2013", "type": "mskb", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "modified": "2019-05-03T00:00:00", "published": "2013-01-09T00:00:00", "id": "OPENVAS:1361412562310902940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902940", "title": "Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902940\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51772/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736416\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736428\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736418\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736422\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to execute arbitrary code\n and cause a DoS (Denial of Service).\");\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 3.5.1 and 4\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error within the WCF 'Replace()' function when handling\n Open Data Protocol (OData) data and can be exploited to exhaust system\n resources.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(registry_key_exists(key:key))\n{\n foreach item (registry_enum_keys(key:key))\n {\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.100\", test_version2:\"4.0.30319.296\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.586\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.5\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n }\n}\n\nif(!dllv3){\n exit(0);\n}\n\n## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,\n## Windows Vista, and Windows Server 2008\nif((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.4000\", test_version2:\"3.5.30729.4038\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5850\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5005\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5800\", test_version2:\"3.5.30729.5830\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5400\", test_version2:\"3.5.30729.5450\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "description": "Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS.", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "SECURITYVULNS:VULN:12817", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12817", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
