Microsoft Internet Explorer CVE-2013-1310 Use-After-Free Remote Code Execution Vulnerability
2013-05-14T00:00:00
ID SMNTC-59751 Type symantec Reporter Symantec Security Response Modified 2013-05-14T00:00:00
Description
Description
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 6 and 7 are vulnerable.
Technologies Affected
Avaya Aura Conferencing Standard
Avaya CallPilot
Avaya Communication Server 1000 Telephony Manager
Avaya Meeting Exchange - Client Registration Server
Avaya Meeting Exchange - Recording Server
Avaya Meeting Exchange - Streaming Server
Avaya Meeting Exchange - Web Conferencing Server
Avaya Meeting Exchange - Webportal
Avaya Messaging Application Server
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 7.0
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
{"published": "2013-05-14T00:00:00", "id": "SMNTC-59751", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["description", "href", "affectedSoftware"], "edition": 1, "lastseen": "2016-09-04T11:41:46", "bulletin": {"published": "2013-05-14T00:00:00", "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=59751", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "reporter": "Symantec Security Response", "history": [], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 6 and 7 are vulnerable. \n\n### Technologies Affected\n\n * Avaya Aura Conferencing Standard\n * Avaya CallPilot\n * Avaya Communication Server 1000 Telephony Manager\n * Avaya Meeting Exchange - Client Registration Server\n * Avaya Meeting Exchange - Recording Server\n * Avaya Meeting Exchange - Streaming Server\n * Avaya Meeting Exchange - Web Conferencing Server\n * Avaya Meeting Exchange - Webportal\n * Avaya Messaging Application Server\n * Microsoft Internet Explorer 6.0\n * Microsoft Internet Explorer 7.0\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n#### Do not follow links provided by unknown or untrusted sources.\n\nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n#### Implement multiple redundant layers of security.\n\nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities. \n\nUpdates are available. Please see the references or vendor advisory for more information. \n", "bulletinFamily": "software", "viewCount": 0, "cvelist": ["CVE-2013-1310"], "affectedSoftware": [{"version": "6.0", "name": "Microsoft Internet Explorer", "operator": "eq"}, {"version": "any", "name": "Avaya Aura Conferencing", "operator": "eq"}, {"version": "any", "name": "Avaya Messaging Application Server", "operator": "eq"}, {"version": "any", "name": "Avaya CallPilot", "operator": "eq"}, {"version": "7.0", "name": "Microsoft Internet Explorer", "operator": "eq"}], "type": "symantec", "hash": "cc50449532eb19a9ef43cebce7c0a587e8d8d5e410e517428a093db3b7080725", "references": [], "enchantments": {"score": {"value": 6.2, "modified": "2016-09-04T11:41:46"}}, "title": "Microsoft Internet Explorer CVE-2013-1310 Use-After-Free Remote Code Execution Vulnerability", "id": "SMNTC-59751", "lastseen": "2016-09-04T11:41:46", "edition": 1, "objectVersion": "1.2", "hashmap": [{"hash": "ed513c678534fcf29e6ccf3263401b2f", "key": "published"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e36da0954f14fd5cb99fd4cf611d6d9f", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "757b3919eaf1ed659db94fd0d8ad6322", "key": "href"}, {"hash": "3172963b1884348dfe72e6ced452cb05", "key": "title"}, {"hash": "1885df2290011da013382f94cebc3b03", "key": "cvelist"}, {"hash": "ed513c678534fcf29e6ccf3263401b2f", "key": "modified"}, {"hash": "6ef748f13a027cb2a6b4cd7ca2081be6", "key": "description"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "modified": "2013-05-14T00:00:00"}}], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 6 and 7 are vulnerable.\n\n### Technologies Affected\n\n * Avaya Aura Conferencing Standard \n * Avaya CallPilot \n * Avaya Communication Server 1000 Telephony Manager \n * Avaya Meeting Exchange - Client Registration Server \n * Avaya Meeting Exchange - Recording Server \n * Avaya Meeting Exchange - Streaming Server \n * Avaya Meeting Exchange - Web Conferencing Server \n * Avaya Meeting Exchange - Webportal \n * Avaya Messaging Application Server \n * Microsoft Internet Explorer 6.0 \n * Microsoft Internet Explorer 7.0 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "hash": "2b1699ed8f3ef7591ef565b7d3d956162c22965daf4d84adcf7344ff5ed35209", "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1310"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13082"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310903307", "OPENVAS:903307"]}, {"type": "nessus", "idList": ["SMB_NT_MS13-037.NASL"]}], "modified": "2018-03-14T22:40:12"}, "vulnersScore": 9.3}, "type": "symantec", "lastseen": "2018-03-14T22:40:12", "edition": 2, "title": "Microsoft Internet Explorer CVE-2013-1310 Use-After-Free Remote Code Execution Vulnerability", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/59751", "modified": "2013-05-14T00:00:00", "bulletinFamily": "software", "viewCount": 1, "cvelist": ["CVE-2013-1310"], "affectedSoftware": [{"version": "6.0 ", "name": "Microsoft Internet Explorer", "operator": "eq"}, {"version": "1000 Telephony Manager ", "name": "Avaya Communication Server", "operator": "eq"}, {"version": "7.0 ", "name": "Microsoft Internet Explorer", "operator": "eq"}], "references": [], "reporter": "Symantec Security Response", "hashmap": [{"hash": "f82489a56a8bd32d27d94dfac471f5c7", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "1885df2290011da013382f94cebc3b03", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "e8867a574d570da92a753f75b66b7fcd", "key": "description"}, {"hash": "ec197f5910abcaaf55a18c3583e19eb5", "key": "href"}, {"hash": "ed513c678534fcf29e6ccf3263401b2f", "key": "modified"}, {"hash": "ed513c678534fcf29e6ccf3263401b2f", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "3172963b1884348dfe72e6ced452cb05", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "objectVersion": "1.3"}
{"cve": [{"lastseen": "2018-10-13T11:06:05", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability.\"", "modified": "2018-10-12T18:04:11", "published": "2013-05-14T23:36:34", "id": "CVE-2013-1310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1310", "title": "CVE-2013-1310", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:11:02", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS13-037.", "modified": "2017-05-09T00:00:00", "published": "2013-05-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=903307", "id": "OPENVAS:903307", "title": "Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-037.nasl 6086 2017-05-09 09:03:30Z teissa $\n#\n# Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to corrupt memory by the\n execution of arbitrary code in the context of the current user and gain\n access to potentially sensitive information stored in JSON data files.\n Impact Level: System/Application\";\n\ntag_affected = \"Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x\";\ntag_insight = \"Multiple unspecified use-after-free error occurs when accessing already\n freed memory.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms13-037\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS13-037.\";\n\nif(description)\n{\n script_id(903307);\n script_version(\"$Revision: 6086 $\");\n script_cve_id(\"CVE-2013-1297\", \"CVE-2013-0811\", \"CVE-2013-1306\", \"CVE-2013-1307\",\n \"CVE-2013-1308\", \"CVE-2013-1309\", \"CVE-2013-1310\", \"CVE-2013-1311\",\n \"CVE-2013-1312\", \"CVE-2013-2551\", \"CVE-2013-3140\");\n script_bugtraq_id(59734, 59737, 59745, 59746, 59747, 59748,\n 59751, 59752, 59753, 59754, 59755, 58570);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-15 08:20:51 +0530 (Wed, 15 May 2013)\");\n script_name(\"Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53327\");\n script_xref(name : \"URL\" , value : \"https://technet.microsoft.com/en-us/security/bulletin/ms13-037\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_mandatory_keys(\"MS/IE/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nsysPath = \"\";\nieVer = \"\";\ndllVer = NULL;\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3, win8:1) <= 0){\n exit(0);\n}\n\n## Get IE Version from KB\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer || !(ieVer =~ \"^(6|7|8|9|10)\")){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\n## Get Version from Mshtml.dll\ndllVer = fetch_file_version(sysPath, file_name:\"system32\\Mshtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n ## Check for Mshtml.dll version\n if(version_is_less(version:dllVer, test_version:\"6.0.2900.6380\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.00000\", test_version2:\"7.0.6000.21334\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.23485\")){\n security_message(0);\n }\n exit(0);\n}\n\n## Windows 2003\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n ## Check for Mshtml.dll version\n if(version_is_less(version:dllVer, test_version:\"6.0.3790.5149\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.00000\", test_version2:\"7.0.6000.21334\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.23485\")){\n security_message(0);\n }\n exit(0);\n}\n\n## Windows Vista and Server 2008\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n ## Check for Mshtml.dll version\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.18822\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.23094\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19417\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23485\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16482\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20592\")){\n security_message(0);\n }\n exit(0);\n}\n\n## Windows 7\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n ## Check for Mshtml.dll version\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.16000\", test_version2:\"8.0.7601.18125\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.21000\", test_version2:\"8.0.7601.22295\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16482\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20592\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.16575\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.20680\")){\n security_message(0);\n }\n exit(0);\n}\n\n## Windows 8\nelse if(hotfix_check_sp(win8:1) > 0)\n{\n ## Check for Mshtml.dll version\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.16577\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.20681\")){\n security_message(0);\n }\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:41:58", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS13-037.", "modified": "2018-10-12T00:00:00", "published": "2013-05-15T00:00:00", "id": "OPENVAS:1361412562310903307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903307", "title": "Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-037.nasl 11876 2018-10-12 12:20:01Z cfischer $\n#\n# Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903307\");\n script_version(\"$Revision: 11876 $\");\n script_cve_id(\"CVE-2013-1297\", \"CVE-2013-0811\", \"CVE-2013-1306\", \"CVE-2013-1307\",\n \"CVE-2013-1308\", \"CVE-2013-1309\", \"CVE-2013-1310\", \"CVE-2013-1311\",\n \"CVE-2013-1312\", \"CVE-2013-2551\", \"CVE-2013-3140\");\n script_bugtraq_id(59734, 59737, 59745, 59746, 59747, 59748,\n 59751, 59752, 59753, 59754, 59755, 58570);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:20:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-05-15 08:20:51 +0530 (Wed, 15 May 2013)\");\n script_name(\"Microsoft Internet Explorer Multiple Use After Free Vulnerabilities (2829530)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/53327\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-037\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to corrupt memory by the\n execution of arbitrary code in the context of the current user and gain\n access to potentially sensitive information stored in JSON data files.\");\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x\");\n script_tag(name:\"insight\", value:\"Multiple unspecified use-after-free error occurs when accessing already\n freed memory.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS13-037.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-037\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:2, win2008:3, win8:1) <= 0){\n exit(0);\n}\n\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer || !(ieVer =~ \"^(6|7|8|9|10)\")){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Mshtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.2900.6380\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.00000\", test_version2:\"7.0.6000.21334\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.23485\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.3790.5149\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.00000\", test_version2:\"7.0.6000.21334\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.23485\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.18822\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.23094\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19417\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23485\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16482\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20592\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.16000\", test_version2:\"8.0.7601.18125\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.21000\", test_version2:\"8.0.7601.22295\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16482\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20592\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.16575\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.20680\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.16577\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.20681\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:18:54", "bulletinFamily": "scanner", "description": "The remote host is missing Internet Explorer (IE) Security Update 2829530.\n\nThe installed version of IE is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.", "modified": "2018-11-15T00:00:00", "id": "SMB_NT_MS13-037.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66412", "published": "2013-05-15T00:00:00", "title": "MS13-037: Cumulative Security Update for Internet Explorer (2829530)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(66412);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2013-0811\",\n \"CVE-2013-1297\",\n \"CVE-2013-1306\",\n \"CVE-2013-1307\",\n \"CVE-2013-1308\",\n \"CVE-2013-1309\",\n \"CVE-2013-1310\",\n \"CVE-2013-1311\",\n \"CVE-2013-1312\",\n \"CVE-2013-2551\",\n \"CVE-2013-3140\"\n );\n script_bugtraq_id(\n 58570,\n 59734,\n 59737,\n 59745,\n 59746,\n 59747,\n 59748,\n 59751,\n 59752,\n 59753,\n 59754\n );\n script_xref(name:\"MSFT\", value:\"MS13-037\");\n script_xref(name:\"MSKB\", value:\"2829530\");\n\n script_name(english:\"MS13-037: Cumulative Security Update for Internet Explorer (2829530)\");\n script_summary(english:\"Checks version of Mshtml.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple code execution\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing Internet Explorer (IE) Security Update\n2829530.\n\nThe installed version of IE is affected by multiple vulnerabilities that\ncould allow an attacker to execute arbitrary code on the remote host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/526657/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/526659/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-081/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-082/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-083/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-084/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-085/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-102/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-103/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-037\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,\n2008 R2, 8, and 2012.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MS13-037 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS13-037';\nkb = '2829530';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8 / 2012\n #\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", file:\"Mshtml.dll\", version:\"10.0.9200.20682\", min_version:\"10.0.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", arch:\"x64\", file:\"Mshtml.dll\", version:\"10.0.9200.16579\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", arch:\"x86\", file:\"Mshtml.dll\", version:\"10.0.9200.16578\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 7 / 2008 R2\n #\n # - Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"10.0.9200.20681\", min_version:\"10.0.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"10.0.9200.16576\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", file:\"Mshtml.dll\", version:\"9.0.8112.20593\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", file:\"Mshtml.dll\", version:\"9.0.8112.16483\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.22296\", min_version:\"8.0.7601.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Mshtml.dll\", version:\"8.0.7601.18126\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / 2008\n #\n # - Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"9.0.8112.20593\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"9.0.8112.16483\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.23486\", min_version:\"8.0.6001.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.19418\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.23095\", min_version:\"7.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6002.18823\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003 / XP 64-bit\n #\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"8.0.6001.23486\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6000.21335\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 6\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"6.0.3790.5149\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP x86\n #\n # - Internet Explorer 8\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"8.0.6001.23486\", min_version:\"8.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 7\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"7.0.6000.21335\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n # - Internet Explorer 6\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Mshtml.dll\", version:\"6.0.2900.6380\", min_version:\"6.0.2900.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Information leakage, multiple use-after-free vulnerabilities", "modified": "2013-05-27T00:00:00", "published": "2013-05-27T00:00:00", "id": "SECURITYVULNS:VULN:13082", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13082", "title": "Microsoft Internet Explorer multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
