BUGTRAQ ID: 53335
CVE ID: CVE-2012-0159
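Microsoft Windows is a popular computer operating system.
A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.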
Microsoft Windows XP Professional x64 Edition SP
Microsoft Windows Windows XP Professional x64 Ed
Microsoft Windows Windows XP Professional SP3
Microsoft Windows Windows XP Professional SP2
Microsoft Windows Windows XP Professional SP1
Microsoft Windows Windows XP Professional
Microsoft Windows Windows XP Media Center Editio
Microsoft Windows Windows XP Media Center Editio
Microsoft Windows Windows XP Media Center Editio
Microsoft Windows Windows XP Media Center Editio
Microsoft Windows Windows XP Home SP3
Microsoft Windows Windows XP Home SP2
Microsoft Windows Windows XP Home SP1
Microsoft Windows Windows XP Home
Microsoft Windows Windows XP Gold 0
Microsoft Windows Windows XP Embedded SP3
Microsoft Windows Windows XP Embedded SP2
Microsoft Windows Windows XP Embedded SP1
Microsoft Windows Windows XP Embedded
Microsoft Windows Windows XP 64-bit Edition SP1
Microsoft Windows Windows XP 0
Microsoft Windows Windows Vista x64 Edition SP2
Microsoft Windows Windows Vista x64 Edition SP1
Microsoft Windows Windows Vista x64 Edition 0
Microsoft Windows Windows Vista Ultimate SP2
Microsoft Windows Windows Vista Ultimate SP1
Microsoft Windows Windows Vista Ultimate 64-bit
Microsoft Windows Windows Vista Ultimate 64-bit
Microsoft Windows Windows Vista Ultimate 64-bit
Microsoft Windows Windows Vista Ultimate
Microsoft Windows Windows Vista SP2
Microsoft Windows Windows Vista SP1
Microsoft Windows Windows Vista Home Premium SP2
Microsoft Windows Windows Vista Home Premium SP1
Microsoft Windows Windows Vista Home Premium 64-
Microsoft Windows Windows Vista Home Premium 64-
Microsoft Windows Windows Vista Home Premium 64-
Microsoft Windows Windows Vista Home Premium
Microsoft Windows Windows Vista Home Basic SP2
Microsoft Windows Windows Vista Home Basic SP1
Microsoft Windows Windows Vista Home Basic 64-bi
Microsoft Windows Windows Vista Home Basic 64-bi
Microsoft Windows Windows Vista Home Basic 64-bi
Microsoft Windows Windows Vista Home Basic 64-bi
Microsoft Windows Windows Vista Home Basic 64-bi
Microsoft Windows Windows Vista Home Basic
Microsoft Windows Windows Vista Enterprise SP2
Microsoft Windows Windows Vista Enterprise SP1
Microsoft Windows Windows Vista Enterprise 64-bi
Microsoft Windows Windows Vista Enterprise 64-bi
Microsoft Windows Windows Vista Enterprise 64-bi
Microsoft Windows Windows Vista Enterprise
Microsoft Windows Windows Vista Business SP2
Microsoft Windows Windows Vista Business SP1
Microsoft Windows Windows Vista Business 64-bit
Microsoft Windows Windows Vista Business 64-bit
Microsoft Windows Windows Vista Business 64-bit
Microsoft Windows Windows Vista 0
Microsoft Windows Windows Server 2008 Standard E
Microsoft Windows Windows Server 2008 Standard E
Microsoft Windows Windows Server 2008 Standard E
Microsoft Windows Windows Server 2008 Standard E
Microsoft Windows Windows Server 2008 R2 x64 SP1
Microsoft Windows Windows Server 2008 R2 x64 0
Microsoft Windows Windows Server 2008 R2 Itanium
Microsoft Windows Windows Server 2008 R2 Itanium
Microsoft Windows Windows Server 2008 R2 for x64
Microsoft Windows Windows Server 2008 R2
Microsoft Windows Windows Server 2008 for x64-ba
Microsoft Windows Windows Server 2008 for x64-ba
Microsoft Windows Windows Server 2008 for x64-ba
Microsoft Windows Windows Server 2008 for Itaniu
Microsoft Windows Windows Server 2008 for Itaniu
Microsoft Windows Windows Server 2008 for Itaniu
Microsoft Windows Windows Server 2008 for 32-bit
Microsoft Windows Windows Server 2008 for 32-bit
Microsoft Windows Windows Server 2008 Enterprise
Microsoft Windows Windows Server 2008 Enterprise
Microsoft Windows Windows Server 2008 Datacenter
Microsoft Windows Windows Server 2008 Datacenter
Microsoft Windows Windows Server 2003 x64 SP2
Microsoft Windows Windows Server 2003 x64 SP1
Microsoft Windows Windows Server 2003 Standard E
Microsoft Windows Windows Server 2003 Standard E
Microsoft Windows Windows Server 2003 Standard E
Microsoft Windows Windows Server 2003 SP2
Microsoft Windows Windows Server 2003 SP1
Microsoft Windows Windows Server 2003 Itanium SP
Microsoft Windows Windows Server 2003 Itanium SP
Microsoft Windows Windows Server 2003 Itanium 0
Microsoft Windows Windows Server 2003 Gold
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Enterprise
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows Server 2003 Datacenter
Microsoft Windows Windows 7 XP Mode 0
Microsoft Windows Windows 7 Ultimate 0
Microsoft Windows Windows 7 Starter 0
Microsoft Windows Windows 7 RC
Microsoft Windows Windows 7 Professional 0
Microsoft Windows Windows 7 Home Premium 0
Microsoft Windows Windows 7 Home Premium - Sp1 X
Microsoft Windows Windows 7 Home Premium - Sp1 X
Microsoft Windows Windows 7 for x64-based System
Microsoft Windows Windows 7 for x64-based System
Microsoft Windows Windows 7 for 32-bit Systems S
Microsoft Windows Windows 7 for 32-bit Systems 0
Microsoft Windows Silverlight 5.0
Microsoft Windows Silverlight 4.0
Microsoft Windows Office 2010 0
Microsoft Windows Office 2010 (64-bit edition) S
Microsoft Windows Office 2010 (64-bit edition) 0
Microsoft Windows Office 2010 (32-bit edition) S
Microsoft Windows Office 2010 (32-bit edition) 0
Microsoft Windows Office 2007 0
Microsoft Windows Office 2003 0
Microsoft Windows .NET Framework 4.0
Microsoft Windows .NET Framework 3.5.1
Microsoft Windows + Publisher 2003
Microsoft Windows + PowerPoint 2003 0
Microsoft Windows + Outlook 2003 0
Microsoft Windows + OneNote 2003 0
Microsoft Windows + InfoPath 2003
Microsoft Windows + FrontPage 2003
Microsoft Windows + Excel 2003
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS12-034) and corresponding patches for this issue:
MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
Link: http://www.microsoft.com/technet/security/bulletin/MS12-034.asp
{"sourceData": "", "status": "cve,details", "sourceHref": "", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-60104", "type": "seebug", "viewCount": 16, "references": [], "lastseen": "2017-11-19T17:52:17", "published": "2012-05-09T00:00:00", "cvelist": ["CVE-2012-0159"], "id": "SSV:60104", "enchantments_done": [], "modified": "2012-05-09T00:00:00", "title": "Microsoft Windows TrueType\u5b57\u4f53\u5f15\u64ce\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2012-0159)(MS12-034)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 6.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2012-198"]}, {"type": "cve", "idList": ["CVE-2012-0159"]}, {"type": "kaspersky", "idList": ["KLA10544"]}, {"type": "mskb", "idList": ["KB2681578"]}, {"type": "nessus", "idList": ["MACOSX_MS12-034.NASL", "SMB_NT_MS12-034.NASL", "SMB_NT_MS12-039.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902678", "OPENVAS:1361412562310902832", "OPENVAS:1361412562310902842", "OPENVAS:902678", "OPENVAS:902832", "OPENVAS:902842"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28350", "SECURITYVULNS:VULN:12357", "SECURITYVULNS:VULN:12406"]}, {"type": "symantec", "idList": ["SMNTC-53335"]}, {"type": "zdi", "idList": ["ZDI-12-129"]}], "rev": 4}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2012-198"]}, {"type": "cve", "idList": ["CVE-2012-0159"]}, {"type": "mskb", "idList": ["KB2681578"]}, {"type": "openvas", "idList": ["OPENVAS:902678"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28350"]}, {"type": "zdi", "idList": ["ZDI-12-129"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2012-0159", "epss": "0.606410000", "percentile": "0.971760000", "modified": "2023-03-14"}], "vulnersScore": 6.3}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1683918140, "epss": 1678850553}, "_internal": {"score_hash": "3572251dbd6678150084504b4dbeab0a"}}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:45", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution\r\nVulnerability (Remote Kernel)\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-129\r\nAugust 3, 2012\r\n\r\n- -- CVE ID:\r\nCVE-2012-0159\r\n\r\n- -- CVSS:\r\n10, AV:N/AC:L/Au:N/C:C/I:C/A:C\r\n\r\n- -- Affected Vendors:\r\nMicrosoft\r\n\r\n- -- Affected Products:\r\nMicrosoft Windows XP SP3\r\nMicrosoft Windows Vista\r\nMicrosoft Windows 7\r\n\r\n\r\n- -- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code from\r\nthe contact of kernelspace on vulnerable installations of Microsoft\r\nWindows. User interaction is required to exploit this vulnerability in that\r\nthe target must visit a malicious page or open a malicious file.\r\n\r\nThe specific flaw exists within the kernel's support for TrueType font\r\nparsing of compound glyphs. A sign extension error exists in win32k.sys\r\nwhen processing compound glyphs having a total number of contours above\r\n0x7FFF. This can be exploited to corrupt kernel heap memory placed below\r\nthe space allocated for the "flags" buffer and potentially execute\r\narbitrary code in kernel space.\r\n\r\n- -- Vendor Response:\r\nMicrosoft has issued an update to correct this vulnerability. 
More details\r\ncan be found at:\r\n\r\nhttp://technet.microsoft.com/en-us/security/bulletin/ms12-039\r\n\r\n- -- Disclosure Timeline:\r\n2011-11-04 - Vulnerability reported to vendor\r\n2012-08-03 - Coordinated public release of advisory\r\n\r\n- -- Credit:\r\nThis vulnerability was discovered by:\r\n* Alin Rad Pop (binaryproof)\r\n\r\n\r\n- -- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. 
Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n\r\n", "cvss3": {}, "published": "2012-08-13T00:00:00", "type": "securityvulns", "title": "ZDI-12-129: Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:DOC:28350", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28350", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:02:41", "description": "Font parsing vulnerabilities, unsafe DLL loading, crossite scripting.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "securityvulns", "title": "Mictosoft Lync multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2012-06-13T00:00:00", "id": 
"SECURITYVULNS:VULN:12406", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12406", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:16:46", "description": "TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabililities in .Net, Silverlight, font management, GDI+, window components, etc.", "cvss3": {}, "published": "2012-08-13T00:00:00", "type": "securityvulns", "title": "Microsoft Windows multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2012-0160", "CVE-2011-3402", "CVE-2012-0174", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0161", "CVE-2012-0165", "CVE-2012-0179", "CVE-2012-0178", "CVE-2012-0181"], "modified": "2012-08-13T00:00:00", "id": "SECURITYVULNS:VULN:12357", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12357", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2021-06-08T18:47:42", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft Silverlight, Microsoft Office, or other affected Windows components to execute arbitrary code with user-level privileges. Successful exploits will completely compromise an affected computer. 
Failed attempts will result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Avaya Aura Conferencing 6.0 Standard \n * Avaya CallPilot 4.0 \n * Avaya CallPilot 5.0 \n * Avaya Communication Server 1000 Telephony Manager 3.0 \n * Avaya Communication Server 1000 Telephony Manager 4.0 \n * Avaya Meeting Exchange - Client Registration Server \n * Avaya Meeting Exchange - Enterprise Edition \n * Avaya Meeting Exchange - Recording Server \n * Avaya Meeting Exchange - Streaming Server \n * Avaya Meeting Exchange - Web Conferencing Server \n * Avaya Meeting Exchange - Webportal 6.0 \n * Avaya Meeting Exchange 5.0 \n * Avaya Meeting Exchange 5.0 SP1 \n * Avaya Meeting Exchange 5.0 SP2 \n * Avaya Meeting Exchange 5.0.0.0.52 \n * Avaya Meeting Exchange 5.1 \n * Avaya Meeting Exchange 5.1 SP1 \n * Avaya Meeting Exchange 5.2 \n * Avaya Meeting Exchange 5.2 SP1 \n * Avaya Meeting Exchange 5.2 SP2 \n * Avaya Messaging Application Server 5 \n * Avaya Messaging Application Server 5.2 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.0 \n * Microsoft Lync 2010 \n * Microsoft Lync 2010 Attendant (32-bit) \n * Microsoft Lync 2010 Attendant (64-bit) \n * Microsoft Lync 2010 Attendee \n * Microsoft Office 2003 \n * Microsoft Office 2007 \n * Microsoft Office 2010 (32-bit edition) \n * Microsoft Office 2010 (32-bit edition) SP1 \n * Microsoft Office 2010 (64-bit edition) \n * Microsoft Office 2010 (64-bit edition) SP1 \n * Microsoft Office 2010 \n * Microsoft Office Communicator 2007 R2 \n * Microsoft Silverlight 4.0 \n * Microsoft Silverlight 5.0 \n * Microsoft Windows 7 Home Premium \n * Microsoft Windows 7 Home Premium Sp1 X32 \n * Microsoft Windows 7 Home Premium Sp1 X64 \n * Microsoft Windows 7 Professional \n * Microsoft Windows 7 RC \n * Microsoft Windows 7 Starter \n * Microsoft Windows 7 Ultimate \n * Microsoft Windows 7 XP Mode \n * Microsoft Windows 7 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 
7 for x64-based Systems \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows Server 2003 Datacenter Edition \n * Microsoft Windows Server 2003 Datacenter Edition Itanium \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 \n * Microsoft Windows Server 2003 Datacenter Edition SP1 \n * Microsoft Windows Server 2003 Datacenter x64 Edition \n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2 \n * Microsoft Windows Server 2003 Enterprise Edition \n * Microsoft Windows Server 2003 Enterprise Edition Itanium \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP2 \n * Microsoft Windows Server 2003 Enterprise Edition SP1 \n * Microsoft Windows Server 2003 Enterprise x64 Edition \n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2 \n * Microsoft Windows Server 2003 Gold \n * Microsoft Windows Server 2003 Itanium \n * Microsoft Windows Server 2003 Itanium SP1 \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP1 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 Standard Edition \n * Microsoft Windows Server 2003 Standard Edition SP1 \n * Microsoft Windows Server 2003 Standard Edition SP2 \n * Microsoft Windows Server 2003 x64 SP1 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 Datacenter Edition \n * Microsoft Windows Server 2008 Datacenter Edition SP2 \n * Microsoft Windows Server 2008 Enterprise Edition \n * Microsoft Windows Server 2008 Enterprise Edition SP2 \n * Microsoft Windows Server 2008 R2 \n * Microsoft Windows Server 2008 R2 Itanium \n * Microsoft Windows Server 2008 R2 Itanium SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 R2 x64 \n * Microsoft Windows 
Server 2008 R2 x64 SP1 \n * Microsoft Windows Server 2008 Standard Edition \n * Microsoft Windows Server 2008 Standard Edition Itanium \n * Microsoft Windows Server 2008 Standard Edition SP2 \n * Microsoft Windows Server 2008 Standard Edition X64 \n * Microsoft Windows Server 2008 for 32-bit Systems \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems \n * Microsoft Windows Server 2008 for Itanium-based Systems R2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems \n * Microsoft Windows Server 2008 for x64-based Systems R2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Vista \n * Microsoft Windows Vista Business 64-bit edition \n * Microsoft Windows Vista Business 64-bit edition SP1 \n * Microsoft Windows Vista Business 64-bit edition SP2 \n * Microsoft Windows Vista Business SP1 \n * Microsoft Windows Vista Business SP2 \n * Microsoft Windows Vista Enterprise 64-bit edition \n * Microsoft Windows Vista Enterprise 64-bit edition SP1 \n * Microsoft Windows Vista Enterprise 64-bit edition SP2 \n * Microsoft Windows Vista Enterprise \n * Microsoft Windows Vista Enterprise SP1 \n * Microsoft Windows Vista Enterprise SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition \n * Microsoft Windows Vista Home Basic 64-bit edition SP1 \n * Microsoft Windows Vista Home Basic 64-bit edition SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64 \n * Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64 \n * Microsoft Windows Vista Home Basic \n * Microsoft Windows Vista Home Basic SP1 \n * Microsoft Windows Vista Home Basic SP2 \n * Microsoft Windows Vista Home Premium 64-bit edition \n * Microsoft Windows Vista Home Premium 64-bit edition SP1 \n * Microsoft Windows Vista Home Premium 64-bit edition SP2 \n * Microsoft Windows Vista Home Premium \n * Microsoft Windows Vista Home Premium 
SP1 \n * Microsoft Windows Vista Home Premium SP2 \n * Microsoft Windows Vista SP1 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista Ultimate 64-bit edition \n * Microsoft Windows Vista Ultimate 64-bit edition SP1 \n * Microsoft Windows Vista Ultimate 64-bit edition SP2 \n * Microsoft Windows Vista Ultimate \n * Microsoft Windows Vista Ultimate SP1 \n * Microsoft Windows Vista Ultimate SP2 \n * Microsoft Windows Vista x64 Edition \n * Microsoft Windows Vista x64 Edition SP1 \n * Microsoft Windows Vista x64 Edition SP2 \n * Microsoft Windows XP 64-bit Edition SP1 \n * Microsoft Windows XP \n * Microsoft Windows XP Embedded \n * Microsoft Windows XP Embedded SP1 \n * Microsoft Windows XP Embedded SP2 \n * Microsoft Windows XP Embedded SP3 \n * Microsoft Windows XP Gold \n * Microsoft Windows XP Home \n * Microsoft Windows XP Home SP1 \n * Microsoft Windows XP Home SP2 \n * Microsoft Windows XP Home SP3 \n * Microsoft Windows XP Media Center Edition \n * Microsoft Windows XP Media Center Edition SP1 \n * Microsoft Windows XP Media Center Edition SP2 \n * Microsoft Windows XP Media Center Edition SP3 \n * Microsoft Windows XP Professional \n * Microsoft Windows XP Professional SP1 \n * Microsoft Windows XP Professional SP2 \n * Microsoft Windows XP Professional SP3 \n * Microsoft Windows XP Professional x64 Edition \n * Microsoft Windows XP Professional x64 Edition SP2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. 
This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nUsers should never accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Do not accept communications that originate from unknown or untrusted sources.** \nDo not follow links or open email from unknown or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nThe vendor released an advisory and updates. Please see the references for details.\n", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "symantec", "title": "Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2012-05-08T00:00:00", "id": "SMNTC-53335", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/53335", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T07:10:56", "description": "A remote code execution vulnerability has been reported in Microsoft Windows.", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Malformed TrueType Font Remote Code Execution (MS12-034; CVE-2012-0159)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0159"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2012-198", "href": "", "cvss": {"score": 
0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2023-06-05T15:23:18", "description": "This vulnerability allows remote attackers to execute arbitrary code from the context of kernel space on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the \"flags\" buffer and potentially execute arbitrary code in kernel space.", "cvss3": {}, "published": "2012-08-03T00:00:00", "type": "zdi", "title": "Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0159"], "modified": "2012-08-03T00:00:00", "id": "ZDI-12-129", "href": "https://www.zerodayinitiative.com/advisories/ZDI-12-129/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-06-05T14:08:43", "description": "Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 
before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka \"TrueType Font Parsing Vulnerability.\"", "cvss3": {}, "published": "2012-05-09T00:55:00", "type": "cve", "title": "CVE-2012-0159", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0159"], "modified": "2018-10-12T22:02:00", "cpe": ["cpe:/a:microsoft:silverlight:5.0.60401.0", "cpe:/a:microsoft:silverlight:4.0.50826.0", "cpe:/a:microsoft:office:2007", "cpe:/o:microsoft:windows_server_2008:*", "cpe:/o:microsoft:windows_xp:*", "cpe:/a:microsoft:silverlight:4.0.50917.0", "cpe:/a:microsoft:silverlight:5.0.60818.0", "cpe:/a:microsoft:silverlight:4.0.60310.0", "cpe:/o:microsoft:windows_vista:-", "cpe:/a:microsoft:silverlight:4.0.60831.0", "cpe:/a:microsoft:office:2010", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/a:microsoft:silverlight:4.0.50524.00", "cpe:/a:microsoft:silverlight:4.0.60531.0", "cpe:/o:microsoft:windows_7:*", "cpe:/o:microsoft:windows_7:-", "cpe:/a:microsoft:silverlight:4.0.60129.0", "cpe:/a:microsoft:silverlight:4.0.51204.0", "cpe:/a:microsoft:silverlight:4.1.10111.0", "cpe:/a:microsoft:silverlight:4.0.50401.0", "cpe:/o:microsoft:windows_8:consumer_preview", "cpe:/a:microsoft:silverlight:5.0.61118.0", "cpe:/a:microsoft:office:2003"], "id": "CVE-2012-0159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0159", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50917.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.61118.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60129.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.60401.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60310.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8:consumer_preview:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50524.00:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.1.10111.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:5.0.60818.0:rc:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60531.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.60831.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50401.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.50826.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:silverlight:4.0.51204.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:35", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "openvas", "title": "Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "modified": "2017-04-12T00:00:00", 
"id": "OPENVAS:902678", "href": "http://plugins.openvas.org/nasl.php?oid=902678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-034_macosx.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted file.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Silverlight versions 4 and 5\";\ntag_insight = \"The flaws are due to an error exists when parsing TrueType fonts.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/MS12-034\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\";\n\nif(description)\n{\n script_id(902678);\n script_version(\"$Revision: 5940 $\");\n 
script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\");\n script_bugtraq_id(50462, 53335);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-14 13:06:50 +0530 (Mon, 14 May 2012)\");\n script_name(\"Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49121\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2681578\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2690729\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027048\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_ms_silverlight_detect_macosx.nasl\");\n script_require_keys(\"MS/Silverlight/MacOSX/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nslightVer = \"\";\n\n## Get the version from KB\nslightVer = get_kb_item(\"MS/Silverlight/MacOSX/Ver\");\nif(!slightVer){\n exit(0);\n}\n\n## Check for Silverlight 4 and 5\nif(version_in_range(version: slightVer, test_version:\"4.0\", test_version2:\"4.1.10328\")||\n version_in_range(version: slightVer, 
test_version:\"5.0\", test_version2:\"5.1.10410\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T19:58:22", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-14T00:00:00", "type": "openvas", "title": "Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902678", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902678\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\");\n script_bugtraq_id(50462, 53335);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-05-14 13:06:50 +0530 (Mon, 14 May 2012)\");\n script_name(\"Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2681578\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2690729\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027048\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_ms_silverlight_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Silverlight/MacOSX/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code by\n tricking a user into opening a specially crafted file.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Silverlight versions 4 and 5.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to an error exists when parsing TrueType fonts.\");\n\n 
script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nslightVer = get_kb_item(\"MS/Silverlight/MacOSX/Ver\");\nif(!slightVer){\n exit(0);\n}\n\nif(version_in_range(version: slightVer, test_version:\"4.0\", test_version2:\"4.1.10328\")||\n version_in_range(version: slightVer, test_version:\"5.0\", test_version2:\"5.1.10410\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-14T10:50:56", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Remote Code Execution Vulnerabilities (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2017-06-29T00:00:00", "id": "OPENVAS:902842", "href": "http://plugins.openvas.org/nasl.php?oid=902842", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-039.nasl 6473 2017-06-29 06:07:30Z cfischer $\n#\n# Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program 
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to execute arbitrary code\n with kernel-level privileges. Failed exploit attempts may result in a\n denial of service condition.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Lync 2010\n Microsoft Lync 2010 Attendee\n Microsoft Lync 2010 Attendant\n Microsoft Communicator 2007 R2\";\ntag_insight = \"- An error within the Win32k kernel-mode driver (win32k.sys) when parsing\n TrueType fonts.\n - An error in the t2embed.dll module when parsing TrueType fonts.\n - The client loads libraries in an insecure manner, which can be exploited\n to load arbitrary libraries by tricking a user into opening a '.ocsmeet'\n file located on a remote WebDAV or SMB share.\n - An unspecified error in the 'SafeHTML' API when sanitising HTML code can\n be exploited to execute arbitrary HTML and script code in the user's chat\n session.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-039\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.\";\n\nif(description)\n{\n script_id(902842);\n script_version(\"$Revision: 6473 $\");\n script_bugtraq_id(50462, 53335, 53831, 53833);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n 
script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 08:07:30 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-13 11:11:11 +0530 (Wed, 13 Jun 2012)\");\n script_name(\"Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48429\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027150\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-039\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Lync/Installed\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\npath = \"\";\noglVer = \"\";\nattVer = \"\";\ncommVer = \"\";\n\n## Check for Microsoft Lync 2010/Communicator 2007 R2\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/path\");\n if(path)\n {\n ## Get Version from communicator.exe\n commVer = fetch_file_version(sysPath:path, file_name:\"communicator.exe\");\n if(commVer)\n {\n if(version_in_range(version:commVer, test_version:\"3.5\", test_version2:\"3.5.6907.252\")||\n 
version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## For Microsoft Lync 2010 Attendee (admin level install) \n## For Microsoft Lync 2010 Attendee (user level install) \nif(get_kb_item(\"MS/Lync/Attendee/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/Attendee/path\");\n if(path)\n {\n ## Get Version from Ogl.dll\n oglVer = fetch_file_version(sysPath:path, file_name:\"Ogl.dll\");\n if(oglVer)\n {\n if(version_in_range(version:oglVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Check for Microsoft Lync 2010 Attendant\nif(get_kb_item(\"MS/Lync/Attendant/Ver\"))\n{\n ## Get Installed Path\n path = get_kb_item(\"MS/Lync/Attendant/path\");\n if(path)\n {\n ## Get Version from AttendantConsole.exe\n attVer = fetch_file_version(sysPath:path, file_name:\"AttendantConsole.exe\");\n if(attVer)\n {\n if(version_in_range(version:attVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T19:55:18", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "openvas", "title": "Microsoft Lync Remote Code Execution Vulnerabilities (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1858", "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902842", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\n#\n# 
Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902842\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_bugtraq_id(50462, 53335, 53831, 53833);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-06-13 11:11:11 +0530 (Wed, 13 Jun 2012)\");\n script_name(\"Microsoft Lync Remote Code Execution Vulnerabilities (2707956)\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027150\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_lync_detect_win.nasl\");\n script_require_ports(139, 445);\n 
script_mandatory_keys(\"MS/Lync/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to execute arbitrary code\n with kernel-level privileges. Failed exploit attempts may result in a\n denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Lync 2010\n\n - Microsoft Lync 2010 Attendee\n\n - Microsoft Lync 2010 Attendant\n\n - Microsoft Communicator 2007 R2\");\n\n script_tag(name:\"insight\", value:\"- An error within the Win32k kernel-mode driver (win32k.sys) when parsing\n TrueType fonts.\n\n - An error in the t2embed.dll module when parsing TrueType fonts.\n\n - The client loads libraries in an insecure manner, which can be exploited\n to load arbitrary libraries by tricking a user into opening a '.ocsmeet'\n file located on a remote WebDAV or SMB share.\n\n - An unspecified error in the 'SafeHTML' API when sanitising HTML code can\n be exploited to execute arbitrary HTML and script code in the user's chat\n session.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-039.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(get_kb_item(\"MS/Lync/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/path\");\n if(path)\n {\n commVer = fetch_file_version(sysPath:path, file_name:\"communicator.exe\");\n if(commVer)\n {\n if(version_in_range(version:commVer, test_version:\"3.5\", test_version2:\"3.5.6907.252\")||\n version_in_range(version:commVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## For Microsoft Lync 2010 Attendee (admin level install)\n## For Microsoft Lync 2010 Attendee (user level install)\nif(get_kb_item(\"MS/Lync/Attendee/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/Attendee/path\");\n if(path)\n {\n oglVer = fetch_file_version(sysPath:path, file_name:\"Ogl.dll\");\n if(oglVer)\n {\n if(version_in_range(version:oglVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\nif(get_kb_item(\"MS/Lync/Attendant/Ver\"))\n{\n path = get_kb_item(\"MS/Lync/Attendant/path\");\n if(path)\n {\n attVer = fetch_file_version(sysPath:path, file_name:\"AttendantConsole.exe\");\n if(attVer)\n {\n if(version_in_range(version:attVer, test_version:\"4.0\", test_version2:\"4.0.7577.4097\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-21T11:35:03", "description": "This host is missing a 
critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "openvas", "title": "MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:902832", "href": "http://plugins.openvas.org/nasl.php?oid=902832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-034.nasl 8190 2017-12-20 09:44:30Z cfischer $\n#\n# MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to gain escalated privileges\n and execute arbitrary code.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft .NET Framework 4\n Microsoft Silverlight 4 and 5\n Microsoft .NET Framework 3.5.1\n Microsoft Office 2003 Service Pack 3\n Microsoft Office 2007 Service Pack 2\n Microsoft Office 2010 Service Pack 1\n Microsoft .NET Framework 3.0 Service Pack 2\n Microsoft Windows 7 Service Pack 1 and prior\n Microsoft Windows XP Service Pack 3 and prior\n Microsoft Windows 2003 Service Pack 2 and prior\n Microsoft Windows Vista Service Pack 2 and prior\n Microsoft Windows Server 2008 Service Pack 2 and prior\";\ntag_insight = \"Multiple flaws are due to\n - An error exists when parsing TrueType fonts.\n - An error in the t2embed.dll module when parsing TrueType fonts can be\n exploited via a specially crafted TTF file.\n - An error in GDI+ when handling certain records can be exploited via a\n specially crafted EMF image file.\n - An error in win32k.sys related to certain Windows and Messages handling\n can be exploited to execute arbitrary code in the context of another\n process.\n - An error in win32k.sys when handling keyboard layout files can be exploited\n to execute arbitrary code in the context of another process.\n - An error in win32k.sys related to scrollbar calculations can be exploited\n to execute arbitrary code in the context of another process.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n 
http://technet.microsoft.com/en-us/security/bulletin/ms12-034\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\";\n\nif(description)\n{\n script_id(902832);\n script_version(\"$Revision: 8190 $\");\n script_bugtraq_id(50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358,\n 53360, 53363);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0162\", \"CVE-2012-0164\",\n \"CVE-2012-0165\", \"CVE-2012-0167\", \"CVE-2012-0176\", \"CVE-2012-0180\",\n \"CVE-2012-0181\", \"CVE-2012-1848\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 10:44:30 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-09 09:09:09 +0530 (Wed, 09 May 2012)\");\n script_name(\"MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49120\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49121\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2681578\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id/1027048\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\", \"gb_ms_silverlight_detect.nasl\",\n \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" 
, value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"host_details.inc\");\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\n## Get Silverlight version from KB\ninfos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:silverlight\" );\nmslVers = infos['version'];\nmslPath = infos['location'];\n\nif( mslVers ) {\n ## Check for Microsoft Silverlight version prior to 4.1.10329\n if( version_is_less( version:mslVers, test_version:\"4.1.10329\" ) ||\n version_in_range( version:mslVers, test_version:\"5.0\", test_version2:\"5.1.10410\" ) ) {\n report = report_fixed_ver( installed_version:mslVers, vulnerable_range:\"< 4.1.10329 and 5.0 - 5.1.10410\", install_path:mslPath );\n security_message( port:0, data:report );\n exit( 0 );\n }\n}\n\n## Get .NET Framework 4.0 Version\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\4.0.30319.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"Path\");\n if(path){\n dllv4 = fetch_file_version(sysPath:path, file_name:\"WPF\\Presentationcore.dll\");\n }\n}\n\n## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7\nif(dllv4 &&\n (version_in_range(version:dllv4, test_version:\"4.0.30319.000\", test_version2:\"4.0.30319.274\") ||\n version_in_range(version:dllv4, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.549\")))\n{\n security_message(0);\n exit(0);\n}\n\n## Get .NET Framework 3.0 Service Pack 2 Version\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, 
item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Printing.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4020\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5809\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4212\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5793\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.5004\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5800\", test_version2:\"3.0.6920.5808\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5400\", test_version2:\"3.0.6920.5447\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5700\", test_version2:\"3.0.6920.5793\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## MS Office 2007, 2010\nif(get_kb_item(\"MS/Office/Ver\") =~ \"^[12|14].*\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\n if(path)\n {\n foreach ver (make_list(\"OFFICE12\", \"OFFICE14\"))\n {\n ## Get Version from Ogl.dll\n offPath = path + \"\\Microsoft Shared\\\" + ver;\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n\n if(dllVer &&\n (version_in_range(version:dllVer, 
test_version:\"14.0\", test_version2:\"14.0.6117.5000\") ||\n version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6659.4999\")))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## MS Office 2003\nif(get_kb_item(\"MS/Office/Ver\") =~ \"^11.*\")\n{\n offPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\n if(offPath)\n {\n ## Get Version from GDIPLUS.DLL\n offPath = offPath + \"\\Microsoft Office\\OFFICE11\";\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Gdiplus.dll\");\n\n if(dllVer && version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.8344\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\n## Get Version from Win32k.sys file\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Win32k.sys\");\nif(sysVer)\n{\n ## Windows XP\n if(hotfix_check_sp(xp:4) > 0)\n {\n ## Check for Win32k.sys version before 5.1.2600.6206\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6206\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 2003, Windows XP x64 and Windows 2003 x64\n else if(hotfix_check_sp(win2003:3, xpx64:3, win2003x64:3) > 0)\n {\n ## Check for Win32k.sys version before 5.2.3790.4980\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4980\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows Vista and Windows Server 2008\n else if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, test_version:\"6.0.6002.18607\") ||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22830\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 7 and Windows Server 2008 R2\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, 
test_version:\"6.1.7600.16988\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21178\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17802\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21954\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get Version from Dwrite.dll file\ndllVer = fetch_file_version(sysPath, file_name:\"system32\\Dwrite.dll\");\nif(dllVer)\n{\n ## Windows Vista and Windows Server 2008\n if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n ## Check for Dwrite.dll version\n if(version_is_less(version:dllVer, test_version:\"7.0.6002.18592\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22806\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Windows 7 and Windows Server 2008 R2\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n ## Check for Dwrite.dll version\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16972\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21161\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17788\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21934\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-08T14:04:29", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "openvas", "title": "MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", 
"CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310902832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902832\");\n script_version(\"2020-01-07T09:06:32+0000\");\n script_bugtraq_id(50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358,\n 53360, 53363);\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0162\", \"CVE-2012-0164\",\n \"CVE-2012-0165\", \"CVE-2012-0167\", \"CVE-2012-0176\", \"CVE-2012-0180\",\n \"CVE-2012-0181\", \"CVE-2012-1848\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-07 09:06:32 +0000 (Tue, 07 Jan 2020)\");\n 
script_tag(name:\"creation_date\", value:\"2012-05-09 09:09:09 +0530 (Wed, 09 May 2012)\");\n script_name(\"MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2681578\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1027048\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\", \"gb_ms_silverlight_detect.nasl\",\n \"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to gain escalated privileges\n and execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 4\n\n - Microsoft Silverlight 4 and 5\n\n - Microsoft .NET Framework 3.5.1\n\n - Microsoft Office 2003 Service Pack 3\n\n - Microsoft Office 2007 Service Pack 2\n\n - Microsoft Office 2010 Service Pack 1\n\n - Microsoft .NET Framework 3.0 Service Pack 2\n\n - Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2003 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - An error exists when parsing TrueType fonts.\n\n - An error in the t2embed.dll module when parsing TrueType fonts can be\n exploited via a specially crafted TTF file.\n\n - An error in GDI+ when handling certain records can be exploited via a\n specially crafted EMF image file.\n\n - An error in win32k.sys related to certain Windows 
and Messages handling\n can be exploited to execute arbitrary code in the context of another\n process.\n\n - An error in win32k.sys when handling keyboard layout files can be exploited\n to execute arbitrary code in the context of another process.\n\n - An error in win32k.sys related to scrollbar calculations can be exploited\n to execute arbitrary code in the context of another process.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-034.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\ninclude(\"host_details.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\nif( infos = get_app_version_and_location( cpe:\"cpe:/a:microsoft:silverlight\", exit_no_version:FALSE ) ) {\n mslVers = infos['version'];\n mslPath = infos['location'];\n\n if( mslVers ) {\n if( version_is_less( version:mslVers, test_version:\"4.1.10329\" ) ||\n version_in_range( version:mslVers, test_version:\"5.0\", test_version2:\"5.1.10410\" ) ) {\n report = report_fixed_ver( installed_version:mslVers, vulnerable_range:\"< 4.1.10329 and 5.0 - 5.1.10410\", install_path:mslPath );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\4.0.30319.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"Path\");\n if(path){\n dllv4 = fetch_file_version(sysPath:path, file_name:\"WPF\\Presentationcore.dll\");\n }\n}\n\n## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 
7\nif(dllv4 &&\n (version_in_range(version:dllv4, test_version:\"4.0.30319.000\", test_version2:\"4.0.30319.274\") ||\n version_in_range(version:dllv4, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.549\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Printing.dll\");\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003\nif(dllv3 && (hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4020\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5809\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.0 Service Pack 2 on Windows Vista and Windows Server 2008\nif(dllv3 && (hotfix_check_sp(winVista:3, win2008:3) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.4212\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5000\", test_version2:\"3.0.6920.5793\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif(dllv3 && (hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0))\n{\n if(version_in_range(version:dllv3, test_version:\"3.0.6920.4000\", test_version2:\"3.0.6920.5004\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5800\", test_version2:\"3.0.6920.5808\") ||\n version_in_range(version:dllv3, test_version:\"3.0.6920.5400\", test_version2:\"3.0.6920.5447\") ||\n version_in_range(version:dllv3, 
test_version:\"3.0.6920.5700\", test_version2:\"3.0.6920.5793\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\n## MS Office 2007, 2010\nif(officeVer && officeVer =~ \"^1[24]\\.\")\n{\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"CommonFilesDir\");\n if(path)\n {\n foreach ver (make_list(\"OFFICE12\", \"OFFICE14\"))\n {\n offPath = path + \"\\Microsoft Shared\\\" + ver;\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Ogl.dll\");\n\n if(dllVer &&\n (version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.6117.5000\") ||\n version_in_range(version:dllVer, test_version:\"12.0\", test_version2:\"12.0.6659.4999\")))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n## MS Office 2003\nif(officeVer && officeVer =~ \"^11\\.\")\n{\n offPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"ProgramFilesDir\");\n if(offPath)\n {\n offPath = offPath + \"\\Microsoft Office\\OFFICE11\";\n dllVer = fetch_file_version(sysPath:offPath, file_name:\"Gdiplus.dll\");\n\n if(dllVer && version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.8344\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\nsysVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Win32k.sys\");\nif(sysVer)\n{\n if(hotfix_check_sp(xp:4) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6206\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win2003:3, xpx64:3, win2003x64:3) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4980\"))\n {\n security_message( 
port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"6.0.6002.18607\") ||\n version_in_range(version:sysVer, test_version:\"6.0.6002.22000\", test_version2:\"6.0.6002.22830\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16988\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21178\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17802\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21954\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Dwrite.dll\");\nif(dllVer)\n{\n if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n {\n if(version_is_less(version:dllVer, test_version:\"7.0.6002.18592\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22806\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n else if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n {\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16972\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21161\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17788\")||\n version_in_range(version:dllVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21934\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n 
}\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-06-05T15:45:40", "description": "### *Detect date*:\n05/08/2012\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities were found in Microsoft Silverlight. By exploiting these vulnerabilities, malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via specially designed font data.\n\n### *Affected products*:\nMicrosoft Silverlight 4 earlier than 4.1.10329 \nMicrosoft Silverlight 5 earlier than 5.1.10411\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS12-034](<https://technet.microsoft.com/library/security/ms12-034>) \n[CVE-2011-3402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2011-3402>) \n[CVE-2012-0159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2012-0159>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Silverlight](<https://threats.kaspersky.com/en/product/Microsoft-Silverlight/>)\n\n### *CVE-IDS*:\n[CVE-2011-3402](<https://vulners.com/cve/CVE-2011-3402>)9.3Critical \n[CVE-2012-0159](<https://vulners.com/cve/CVE-2012-0159>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2690729](<http://support.microsoft.com/kb/2690729>) \n[2636927](<http://support.microsoft.com/kb/2636927>)\n\n### *Exploitation*:\nThis vulnerability can be exploited by the following malware:", "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "kaspersky", "title": "KLA10544 Code execution vulnerabilities in Microsoft Silverlight", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159"], "modified": "2021-04-22T00:00:00", "id": "KLA10544", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10544/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:23:24", "description": "The version of Microsoft Silverlight installed on the remote host is reportedly affected by several vulnerabilities :\n\n - Incorrect handling of TrueType font (TTF) files could lead to arbitrary code execution. (CVE-2011-3402 / CVE-2012-0159)\n\n - A double-free condition leading to arbitrary code execution could be triggered when rendering specially crafted XAML glyphs. (CVE-2012-0176)", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "nessus", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-0176"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:microsoft:silverlight"], "id": "MACOSX_MS12-034.NASL", "href": "https://www.tenable.com/plugins/nessus/59045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59045);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-0176\");\n script_bugtraq_id(50462, 53335, 53360);\n script_xref(name:\"MSFT\", value:\"MS12-034\");\n script_xref(name:\"MSKB\", value:\"2690729\");\n script_xref(name:\"MSKB\", value:\"2636927\");\n script_xref(name:\"IAVA\", value:\"2012-A-0079\");\n\n 
script_name(english:\"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)\");\n script_summary(english:\"Checks version of Microsoft Silverlight\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A multimedia application framework installed on the remote Mac OS X\nhost is affected by a remote code execution vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Microsoft Silverlight installed on the remote host\nis reportedly affected by several vulnerabilities :\n\n - Incorrect handling of TrueType font (TTF) files could\n lead to arbitrary code execution. (CVE-2011-3402 /\n CVE-2012-0159)\n\n - A double-free condition leading to arbitrary code\n execution could be triggered when rendering specially\n crafted XAML glyphs. (CVE-2012-0176)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-034\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released patches for Silverlight 4 and 5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/09\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:silverlight\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_silverlight_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Silverlight/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Silverlight\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\n\n\nbulletin = \"MS12-034\";\nfixed_version = \"\";\n\n# nb: Multiple installs of Silverlight are not possible.\nif (version =~ \"^4\\.\")\n{\n fixed_version = \"4.1.10329.0\";\n kb = \"2690729\";\n}\nelse if (version =~ \"^5\\.\")\n{\n fixed_version = \"5.1.10411.0\";\n kb = \"2636927\";\n}\n\nif (fixed_version && ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)\n{\n if (defined_func(\"report_xml_tag\")) report_xml_tag(tag:bulletin, value:kb);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : '+fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The Microsoft Silverlight \"+version+\" install is not reported to be affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:53", "description": "The remote Windows host is potentially affected by the following vulnerabilities :\n\n - Multiple code execution vulnerabilities exist in the handling of specially crafted 
TrueType font files.\n (CVE-2011-3402, CVE-2012-0159)\n\n - An insecure library loading vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. (CVE-2012-1849)\n\n - An HTML sanitization vulnerability exists in the way that HTML is filtered. (CVE-2012-1858)", "cvss3": {}, "published": "2012-06-13T00:00:00", "type": "nessus", "title": "MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-1849", "CVE-2012-1858"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:office_communicator", "cpe:/a:microsoft:lync"], "id": "SMB_NT_MS12-039.NASL", "href": "https://www.tenable.com/plugins/nessus/59457", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59457);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2011-3402\", \"CVE-2012-0159\", \"CVE-2012-1849\", \"CVE-2012-1858\");\n script_bugtraq_id(50462, 53335, 53831, 53842);\n script_xref(name:\"EDB-ID\", value:\"19777\");\n script_xref(name:\"MSFT\", value:\"MS12-039\");\n script_xref(name:\"MSKB\", value:\"2693282\");\n script_xref(name:\"MSKB\", value:\"2693283\");\n script_xref(name:\"MSKB\", value:\"2696031\");\n script_xref(name:\"MSKB\", value:\"2702444\");\n script_xref(name:\"MSKB\", value:\"2708980\");\n\n script_name(english:\"MS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)\");\n script_summary(english:\"Checks version of multiple files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through Microsoft\nLync.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is potentially affected by the following\nvulnerabilities :\n\n - Multiple code execution vulnerabilities exist in the\n handling of specially 
crafted TrueType font files.\n (CVE-2011-3402, CVE-2012-0159)\n\n - An insecure library loading vulnerability exists in the\n way that Microsoft Lync handles the loading of DLL\n files. (CVE-2012-1849)\n\n - An HTML sanitization vulnerability exists in the way\n that HTML is filtered. (CVE-2012-1858)\");\n # http://blog.watchfire.com/wfblog/2012/07/tostatichtml-the-second-encounter-cve-2012-1858-html-sanitizing-information-disclosure-introduction-t.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c7d49512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-129/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Aug/58\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-039\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Lync 2010, Lync 2010\nAttendee, Lync 2010 Attendant, and Communicator 2007 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_communicator\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin;\n\nfunction get_user_dirs()\n{\n local_var appdir, dirpat, domain, hklm, iter, lcpath, login, pass;\n local_var path, paths, pdir, port, rc, root, share, user, ver;\n\n paths = make_list();\n\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n pdir = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory\");\n if (pdir && stridx(tolower(pdir), \"%systemdrive%\") == 0)\n {\n root = get_registry_value(handle:hklm, item:\"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot\");\n if (!isnull(root))\n {\n share = ereg_replace(string:root, pattern:\"^([A-Za-z]):.*\", replace:\"\\1:\");\n pdir = share + substr(pdir, strlen(\"%systemdrive%\"));\n }\n }\n RegCloseKey(handle:hklm);\n close_registry(close:FALSE);\n\n if (!pdir)\n return NULL;\n\n ver = get_kb_item(\"SMB/WindowsVersion\");\n\n share = ereg_replace(string:pdir, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n dirpat = ereg_replace(string:pdir, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\*\");\n\n port = kb_smb_transport();\n if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = 
kb_smb_domain();\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\n if (rc != 1)\n {\n NetUseDel(close:FALSE);\n return NULL;\n }\n\n # 2000 / XP / 2003\n if (ver < 6)\n appdir += \"\\Local Settings\\Application Data\";\n # Vista / 7 / 2008\n else\n appdir += \"\\AppData\\Local\";\n\n paths = make_array();\n iter = FindFirstFile(pattern:dirpat);\n while (!isnull(iter[1]))\n {\n user = iter[1];\n iter = FindNextFile(handle:iter);\n\n if (user == \".\" || user == \"..\")\n continue;\n\n path = pdir + \"\\\" + user + appdir;\n\n lcpath = tolower(path);\n if (isnull(paths[lcpath]))\n paths[lcpath] = path;\n }\n\n NetUseDel(close:FALSE);\n\n return paths;\n}\n\nfunction check_vuln(file, fix, kb, key, min, paths)\n{\n local_var base, hklm, path, result, rc, share;\n\n if (!isnull(key))\n {\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n base = get_registry_value(handle:hklm, item:key);\n RegCloseKey(handle:hklm);\n close_registry(close:FALSE);\n\n if (isnull(base))\n return FALSE;\n }\n\n if (isnull(paths))\n paths = make_list(\"\");\n\n result = FALSE;\n foreach path (paths)\n {\n path = base + path;\n\n share = ereg_replace(string:path, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\n if (!is_accessible_share(share:share))\n continue;\n\n rc = hotfix_check_fversion(file:file, version:fix, min_version:min, path:path, bulletin:bulletin, kb:kb);\n\n if (rc == HCF_OLDER)\n result = TRUE;\n }\n\n return result;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS12-039\";\nkbs = make_list(\"2693282\", \"2693283\", \"2696031\", \"2702444\", \"2708980\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Add an extra node to the registry key if needed.\narch = 
get_kb_item_or_exit(\"SMB/ARCH\", exit_code:1);\nif (arch == \"x64\")\n extra = \"\\Wow6432Node\";\n\n######################################################################\n# Microsoft Communicator 2007 R2\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\\Microsoft\\Communicator\\InstallationDirectory\",\n file : \"Communicator.exe\",\n min : \"3.5.0.0\",\n fix : \"3.5.6907.253\",\n kb : \"2708980\"\n);\n\n######################################################################\n# Microsoft Lync 2010\n######################################################################\nif (!vuln)\n{\n vuln = check_vuln(\n key : \"SOFTWARE\" + extra + \"\\Microsoft\\Communicator\\InstallationDirectory\",\n file : \"Communicator.exe\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2693282\"\n );\n}\n\n######################################################################\n# Microsoft Lync 2010 Attendant\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\" + extra + \"\\Microsoft\\Attendant\\InstallationDirectory\",\n file : \"AttendantConsole.exe\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2702444\"\n) || vuln;\n\n######################################################################\n# Microsoft Lync 2010 Attendee (admin-level install)\n######################################################################\nvuln = check_vuln(\n key : \"SOFTWARE\\Microsoft\\AttendeeCommunicator\\InstallationDirectory\",\n file : \"CURes.dll\",\n min : \"4.0.0.0\",\n fix : \"4.0.7577.4098\",\n kb : \"2696031\"\n) || vuln;\n\n######################################################################\n# Microsoft Lync 2010 Attendee (user-level install)\n######################################################################\npaths = get_user_dirs();\n\nif (!isnull(paths))\n{\n vuln = check_vuln(\n paths : paths,\n file : \"\\Microsoft Lync 
Attendee\\System.dll\",\n min : \"4.0.0.0\",\n fix : \"4.0.60831.0\",\n kb : \"2693283\"\n ) || vuln;\n}\n\n# Disconnect from registry.\nclose_registry();\n\nif (vuln)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\n\nhotfix_check_fversion_end();\nexit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:24", "description": "The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data.\n (CVE-2011-3402)\n\n - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)\n\n - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)\n\n - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.\n (CVE-2012-0164)\n\n - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)\n\n - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. 
(CVE-2012-0167)\n\n - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.\n (CVE-2012-0180)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)\n\n - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. 
(CVE-2012-1848)", "cvss3": {}, "published": "2012-05-09T00:00:00", "type": "nessus", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402", "CVE-2012-0159", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0165", "CVE-2012-0167", "CVE-2012-0176", "CVE-2012-0180", "CVE-2012-0181", "CVE-2012-1848"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:office", "cpe:/a:microsoft:silverlight", "cpe:/a:microsoft:.net_framework"], "id": "SMB_NT_MS12-034.NASL", "href": "https://www.tenable.com/plugins/nessus/59042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59042);\n script_version(\"1.49\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2011-3402\",\n \"CVE-2012-0159\",\n \"CVE-2012-0162\",\n \"CVE-2012-0164\",\n \"CVE-2012-0165\",\n \"CVE-2012-0167\",\n \"CVE-2012-0176\",\n \"CVE-2012-0180\",\n \"CVE-2012-0181\",\n \"CVE-2012-1848\"\n );\n script_bugtraq_id(\n 50462,\n 53324,\n 53326,\n 53327,\n 53335,\n 53347,\n 53351,\n 53358,\n 53360,\n 53363\n );\n script_xref(name:\"MSFT\", value:\"MS12-034\");\n script_xref(name:\"IAVA\", value:\"2012-A-0079\");\n script_xref(name:\"EDB-ID\", value:\"18894\");\n script_xref(name:\"ZDI\", value:\"ZDI-12-131\");\n script_xref(name:\"MSKB\", value:\"2589337\");\n script_xref(name:\"MSKB\", value:\"2596672\");\n script_xref(name:\"MSKB\", value:\"2596792\");\n script_xref(name:\"MSKB\", value:\"2598253\");\n script_xref(name:\"MSKB\", value:\"2636927\");\n script_xref(name:\"MSKB\", value:\"2656405\");\n script_xref(name:\"MSKB\", value:\"2656407\");\n script_xref(name:\"MSKB\", value:\"2656409\");\n script_xref(name:\"MSKB\", value:\"2656410\");\n script_xref(name:\"MSKB\", value:\"2656411\");\n script_xref(name:\"MSKB\", value:\"2658846\");\n 
script_xref(name:\"MSKB\", value:\"2659262\");\n script_xref(name:\"MSKB\", value:\"2660649\");\n script_xref(name:\"MSKB\", value:\"2676562\");\n script_xref(name:\"MSKB\", value:\"2686509\");\n script_xref(name:\"MSKB\", value:\"2690729\");\n\n script_name(english:\"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)\");\n script_summary(english:\"Checks the version of multiple files.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - A flaw exists in the Win32k TrueType font parsing engine\n that allows an unauthenticated, remote attacker to\n execute arbitrary code by convincing a user to open a\n Word document containing malicious font data.\n (CVE-2011-3402)\n\n - A flaw exists in the t2embed.dll module when parsing\n TrueType fonts. An unauthenticated, remote attacker can\n exploit this, via a crafted TTF file, to execute\n arbitrary code. (CVE-2012-0159)\n\n - A flaw exists in the .NET Framework due to a buffer\n allocation error when handling an XBAP or .NET\n application. An unauthenticated, remote attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code. (CVE-2012-0162)\n\n - A flaw exists in the .NET Framework due to an error\n when comparing the value of an index in a WPF\n application. An unauthenticated, remote attacker can\n exploit this to cause a denial of service condition.\n (CVE-2012-0164)\n\n - A flaw exists in GDI+ when handling specially crafted\n EMF images that allows an unauthenticated, remote\n attacker to execute arbitrary code. (CVE-2012-0165)\n\n - A heap buffer overflow condition exists in Microsoft\n Office in the GDI+ library when handling EMF images\n embedded in an Office document. 
An unauthenticated,\n remote attacker can exploit this to execute arbitrary\n code by convincing a user to open a specially crafted\n document. (CVE-2012-0167)\n\n - A double-free error exists in agcore.dll when rendering\n XAML strings containing Hebrew Unicode glyphs of certain\n values. An unauthenticated, remote attacker can exploit\n this to execute arbitrary code by convincing a user to\n visit a specially crafted web page. (CVE-2012-0176)\n\n - A privilege escalation vulnerability exists in the\n way the Windows kernel-mode driver manages the functions\n related to Windows and Messages handling. A local\n attacker can exploit this, via a specially crafted\n application, to gain elevated privileges.\n (CVE-2012-0180)\n\n - A privilege escalation vulnerability exists in the way\n the Windows kernel-mode driver manages Keyboard Layout\n files. A local attacker can exploit this, via a\n specially crafted application, to gain elevated\n privileges. (CVE-2012-0181)\n\n - A privilege escalation vulnerability exists in the way\n the Windows kernel-mode driver manages scrollbar\n calculations. A local attacker can exploit this, via a\n specially crafted application, to gain elevated\n privileges. 
(CVE-2012-1848)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-12-131/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2012/Aug/60\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows XP, 2003, Vista,\n2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0,\n3.5.1, and 4.0; and Silverlight 4 and 5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:silverlight\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\n \"smb_hotfixes.nasl\",\n \"office_installed.nasl\",\n \"silverlight_detect.nasl\",\n \"ms_bulletin_checks_possible.nasl\"\n );\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS12-034';\nkbs = make_list(\n '2589337',\n '2596672',\n '2596672',\n '2596792',\n '2598253',\n '2636927',\n '2656405',\n '2656407',\n '2656409',\n '2656410',\n '2656411',\n '2658846',\n '2659262',\n '2660649',\n '2676562',\n '2686509',\n '2690729'\n);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nvuln = 0;\n\n#######################\n# KB2686509 #\n#######################\nwinver = get_kb_item('SMB/WindowsVersion');\nspver = get_kb_item('SMB/CSDVersion');\nprodname = get_kb_item('SMB/ProductName');\nif (spver)\n spver = int(ereg_replace(string:spver, pattern:'.*Service Pack ([0-9]).*', replace:\"\\1\"));\nif (\n winver && spver && prodname &&\n ((winver == '5.2' && spver == 2) ||\n (winver == '5.1' && spver == 3))\n)\n{\n if (winver == '5.2' && spver == 2 && 'XP' >< prodname)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows XP Version 2003\\SP3\\KB2686509\\Description\";\n else if (winver == '5.2' && spver == 2)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows Server 2003\\SP3\\KB2686509\\Description\";\n else if (winver == '5.1' && spver == 3)\n reg_name = \"SOFTWARE\\Microsoft\\Updates\\Windows 
XP\\SP4\\KB2686509\\Description\";\n\n registry_init();\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n desc = get_registry_value(handle:hklm, item:reg_name);\n RegCloseKey(handle:hklm);\n close_registry();\n\n if (isnull(desc))\n {\n hotfix_add_report(' According to the registry, KB2686509 is missing.\\n', bulletin:bulletin, kb:\"2686509\");\n vuln++;\n }\n}\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\npath = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1$\", string:rootfile);\n\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nhcf_init = TRUE;\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\noffice_versions = hotfix_check_office_version();\ncdir = hotfix_get_commonfilesdir();\n\n################################################################\n# Office Checks #\n################################################################\n\n#############################\n# Office 2003 SP3 KB2598253 #\n#############################\nif (office_versions[\"11.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = hotfix_get_officeprogramfilesdir(officever:'11.0') + \"\\Microsoft Office\\Office11\";\n\n if (hotfix_is_vulnerable(file:\"Gdiplus.dll\", version:\"11.0.8345.0\", min_version:\"11.0.0.0\", path:path, bulletin:bulletin, kb:'2598253'))\n vuln++;\n }\n}\n\n#############################\n# Office 2007 SP2 #\n# KB2596672, KB2596792 #\n#############################\nif (office_versions[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && (office_sp == 2 || office_sp == 3))\n {\n path = cdir + \"\\Microsoft Shared\\Office12\";\n if 
(hotfix_is_vulnerable(file:\"Ogl.dll\", version:\"12.0.6659.5000\", path:path, bulletin:bulletin, kb:'2596672'))\n vuln++;\n\n path = cdir + \"\\Microsoft SHared\\MODI\\12.0\";\n if (hotfix_is_vulnerable(file:\"Mspcore.dll\", version:\"12.0.6658.5001\", path:path, bulletin:bulletin, kb:'2596792'))\n vuln++;\n }\n}\n\n#############################\n# Office 2010 KB2589337 #\n#############################\nif (office_versions[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1))\n {\n path = cdir + \"\\Microsoft Shared\\Office14\";\n if (hotfix_is_vulnerable(file:\"Ogl.dll\", version:\"14.0.6117.5001\", path:path, bulletin:bulletin, kb:'2589337'))\n vuln++;\n }\n}\n\n# Silverlight 4.x / 5.x\nslfix = NULL;\nslkb = NULL;\nver = get_kb_item(\"SMB/Silverlight/Version\");\nif (ver =~ '^4\\\\.' && ver_compare(ver:ver, fix:'4.1.10329.0') == -1)\n{\n slfix = '4.1.10329';\n slkb = '2690729';\n}\nelse if (ver =~ '^5\\\\.' && ver_compare(ver:ver, fix:'5.1.10411.0') == -1)\n{\n slfix = '5.1.10411';\n slkb = '2636927';\n}\nif (slfix)\n{\n path = get_kb_item(\"SMB/Silverlight/Path\");\n report +=\n '\\n Product : Microsoft Silverlight' +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + slfix + '\\n';\n hotfix_add_report(report, bulletin:bulletin, kb:slkb);\n vuln++;\n}\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0)\n{\n if (vuln > 0)\n {\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n }\n else audit(AUDIT_OS_SP_NOT_VULN);\n}\n\nif (!is_accessible_share()) exit(1, \"is_accessible_share() failed.\");\n################################################################\n# .NET Framework Checks #\n################################################################\n\n\nnet3path = hotfix_get_programfilesdir() + \"\\Reference 
Assemblies\\Microsoft\\Framework\\v3.0\";\nif (!isnull(net3path))\n{\n # .NET Framework 3.0 on Windows XP / Windows Server 2003\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"3.0.6920.4021\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"3.0.6920.5810\", min_version:\"3.0.6920.5700\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"3.0.6920.4021\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"3.0.6920.5810\", min_version:\"3.0.6920.5700\", dir:net3path);\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656407\");\n vuln += missing;\n\n # .NET Framework 3.0 on Windows Vista / Windows Server 2008\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"3.0.6920.4213\", min_version:\"3.0.6920.0\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"3.0.6920.5794\", min_version:\"3.0.6920.5700\", dir:net3path);\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656409\");\n vuln += missing;\n\n # .NET Framework 3.5.1 on Windows 7 / Server 2008 R2\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"PresentationCore.dll\", version:\"3.0.6920.5809\", min_version:\"3.0.6920.5700\", dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"PresentationCore.dll\", version:\"3.0.6920.5005\", min_version:\"3.0.6920.5000\", dir:net3path);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656410\");\n vuln += missing;\n\n # .NET Framework 3.5.1 on Windows 7 SP1 / Server 2008 R2 SP1\n missing = 0;\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"PresentationCore.dll\", version:\"3.0.6920.5794\", min_version:\"3.0.6920.5700\", 
dir:net3path);\n missing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"PresentationCore.dll\", version:\"3.0.6920.5448\", min_version:\"3.0.6920.5000\", dir:net3path);\n\n if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2633873\");\n vuln += missing;\n}\n# .NET Framework 4.0 on all supported versions of Windows\nmissing = 0;\nmissing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"5.2\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.275\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", file:\"PresentationCore.dll\", version:\"4.0.30319.550\", min_version:\"4.0.30319.400\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\");\n\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:\"2656405\");\nvuln += missing;\n\n################################################################\n# 
Windows Checks #\n################################################################\n\n#######################\n# KB2676562 #\n#######################\nmissing = 0;\n# Windows 7 / 2008 R2\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.21955\", min_version:\"6.1.7601.21000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.17803\", min_version:\"6.1.7601.17000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.21179\", min_version:\"6.1.7600.20000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.16988\", min_version:\"6.1.7600.16000\", dir:\"\\system32\");\n\n# Windows Vista / 2008\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.22831\", min_version:\"6.0.6002.22000\", dir:\"\\system32\");\nmissing += hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.18607\", min_version:\"6.0.6002.18000\", dir:\"\\system32\");\n\n# Windows 2003 / XP 64-bit\nmissing += hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.4980\", dir:\"\\system32\");\n\n# Windows XP 32-bit\nmissing += hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Win32k.sys\", version:\"5.1.2600.6206\", dir:\"\\system32\");\nif (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2676562');\nvuln+= missing;\n\n################################\n# WinSxS Checks #\n################################\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:rootfile);\n\n#######################\n# KB2659262 #\n#######################\nkb = '2659262';\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft.windows.gdiplus', file_pat:'^gdiplus\\\\.dll$');\n\n# Windows XP / 2003\nvuln += hotfix_check_winsxs(os:'5.1', sp:3, files:files, 
versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);\nvuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb);\n\n# Windows Vista / 2008\nversions = make_list('5.2.6002.18581', '5.2.6002.22795', '6.0.6002.18581', '6.0.6002.22795');\nmax_versions = make_list('5.2.6002.20000', '5.2.6002.99999', '6.0.6002.20000', '6.0.6002.99999');\nvuln += hotfix_check_winsxs(os:'6.0', sp:2, files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n# Windows 7 / 2008 R2\nversions = make_list('5.2.7600.17007', '5.2.7600.21198', '5.2.7601.17825', '5.2.7601.21977', '6.1.7600.17007', '6.1.7600.21198', '6.1.7601.17825', '6.1.7601.21977');\nmax_versions = make_list('5.2.7600.20000', '5.2.7600.99999', '5.2.7601.20000', '5.2.7601.99999', '6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '6.1.7601.99999');\nvuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n#######################\n# KB2658846 #\n#######################\nkb = '2658846';\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft-windows-directwrite', file_pat:'^Dwrite\\\\.dll$');\n\n# Windows Vista / Windows Server 2008\nvuln += hotfix_check_winsxs(os:'6.0', files:files, versions:make_list('7.0.6002.18592', '7.0.6002.22807'), max_versions:make_list('7.0.6002.20000', '7.0.6002.99999'), bulletin:bulletin, kb:kb);\n\n# Windows 7 2008 R2\nversions = make_list('6.1.7600.16972', '6.1.7600.21162', '6.1.7601.17789', '6.1.7601.21935');\nmax_versions = make_list('6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '');\nvuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb);\n\n#######################\n# KB2660649 #\n#######################\nkb = '2660649';\n\n# Windows XP / Windows Server 2003\n#(hotfix_check_sp(xp:4, win2003:3) > 0 && (version_cmp(a:ver, b:'1.7.2600.6189') >= 0)) 
||\n\nbase_path = hotfix_get_programfilesdir();\nif (!base_path) base_path = hotfix_get_programfilesdirx86();\n\nif (!base_path) audit(AUDIT_PATH_NOT_DETERMINED, \"Common Files\");\n\nfull_path = hotfix_append_path(path:base_path, value:\"\\windows journal\");\n\nif (\n # Vista\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jnwdrv.dll\", version:\"0.3.6002.22789\", min_version:\"0.3.6002.20000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"jnwdrv.dll\", version:\"0.3.6002.18579\", min_version:\"0.3.6002.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n\n # Windows 7\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7601.21955\", min_version:\"0.3.7601.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7601.17803\", min_version:\"0.3.7601.16000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7600.21179\", min_version:\"0.3.7600.18000\", path:full_path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"jnwdrv.dll\", version:\"0.3.7600.16988\", min_version:\"0.3.7600.16000\", path:full_path, bulletin:bulletin, kb:kb)\n)\n vuln += 1;\nhotfix_check_fversion_end();\n#######################\n# Report #\n#######################\nif (vuln > 0)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:47:17", "description": "<html><body><p>Resolves a vulnerability in the .NET Framework and Silverlight that could allow remote code execution on a client system if a user views a specially crafted webpage by using a web browser that can run Silverlight applications or XAML Browser 
Applications (XBAPs).</p><h2>Introduction</h2><div class=\"kb-summary-section section\">Microsoft has released the security bulletin MS12-034. You can view the complete security bulletin by visiting one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201205.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201205.aspx</a></li><li>IT professionals:<br/><a href=\"http://technet.microsoft.com/security/bulletin/ms12-034\" id=\"kb-link-2\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS12-034</a></li></ul></div><h2></h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-3\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-4\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-5\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-6\" target=\"_self\">International Support</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Additional information about this update</h4>The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as download URL, prerequisites and command line switches. 
<br/><br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2656405\" id=\"kb-link-7\">2656405 </a> MS12-034: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656407\" id=\"kb-link-8\">2656407 </a> MS12-034: Description of the Security Update for the .NET Framework 3.0 Service Pack 2 on Windows XP and Windows Server 2003: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656409\" id=\"kb-link-9\">2656409 </a> MS12-034: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656410\" id=\"kb-link-10\">2656410 </a> MS12-034: Description of the security update for the .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2656411\" id=\"kb-link-11\">2656411 </a> MS12-034: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2659262\" id=\"kb-link-12\">2659262 </a> MS12-034: Description of the security update for Windows GDI+: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2690729\" id=\"kb-link-13\">2690729 </a> MS12-034: Description of the security update for Silverlight 4: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2636927\" id=\"kb-link-14\">2636927 </a> MS12-034: Description of the security update for Silverlight 5: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2589337\" id=\"kb-link-15\">2589337 </a> MS12-034: Description of the security update for 
Office 2010: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2598253\" id=\"kb-link-16\">2598253 </a> MS12-034: Description of the security update for Office 2003 Service Pack 3: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596792\" id=\"kb-link-17\">2596792 </a> MS12-034: Description of the security update for the 2007 Office suite: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2596672\" id=\"kb-link-18\">2596672 </a> MS12-034: Description of the security update for the 2007 Office suite: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2676562\" id=\"kb-link-19\">2676562 </a> MS12-034: Description of the security update for Windows kernel-mode drivers: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2660649\" id=\"kb-link-20\">2660649 </a> MS12-034: Description of the security update for Windows Journal: May 8, 2012</li><li><a href=\"https://support.microsoft.com/en-us/help/2658846\" id=\"kb-link-21\">2658846 </a> MS12-034: Description of the security update for DirectWrite in Windows: May 8, 2012<br/><br/><br/><span class=\"text-base\">Note</span> Security update 2658846 will only be offered to systems on which the affected component (DirectWrite) is installed. <br/><br/><br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2686509\" id=\"kb-link-22\">2686509 </a> MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012<br/><br/><br/>Known issues in security update 2686509:<br/><ul class=\"sbody-free_list\"><li>In some scenarios, the %windir%\\FaultyKeyboard.log file might not have been created on your computer. 
</li></ul></li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><h4 class=\"sbody-h4\">Update replacement information</h4>Update replacement information for each specific update can be found in the Knowledge Base articles that correspond to this update.</div><h2></h2><div class=\"kb-notice-section section\"><h3 class=\"sbody-h3\">Applies to</h3>This article applies to the following:<ul class=\"sbody-free_list\"><li>Microsoft Silverlight 5</li><li>Microsoft Silverlight 4</li><li>Microsoft .NET Framework 4 when used with:<ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li></ul></li><li>Microsoft .NET Framework 3.5.1 when used with:<ul class=\"sbody-free_list\"><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li></ul></li><li>Microsoft .NET Framework 3.0 Service Pack 2 when used with:<ul class=\"sbody-free_list\"><li>Microsoft Windows XP Service Pack 3</li><li>Microsoft Windows Server 2003 Service Pack 2</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li></ul></li><li>Microsoft Office 2010</li><li>2007 Microsoft Office suite</li><li>Microsoft Office 2003 Service Pack 3</li><li>Windows 7</li><li>Windows 7 Service Pack 1</li><li>Windows Server 2008 R2</li><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows Vista Service Pack 2</li><li>Windows Server 2008 Service Pack 2</li><li>Windows XP Service Pack 3</li><li>Windows Server 2003 Service Pack 2</li></ul></div></body></html>", "edition": 2, "cvss3": {}, "published": "2012-05-08T00:00:00", "type": "mskb", "title": "MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and 
Silverlight: May 8, 2012", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402", "CVE-2012-1848", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0180", "CVE-2012-0176", "CVE-2012-0167", "CVE-2012-0159", "CVE-2012-0165", "CVE-2012-0181"], "modified": "2012-09-13T00:45:24", "id": "KB2681578", "href": "https://support.microsoft.com/en-us/help/2681578/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}