Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 Tenable Network Security, Inc.SMB_NT_MS12-063.NASL
HistorySep 21, 2012 - 12:00 a.m.

MS12-063: Cumulative Security Update for Internet Explorer (2744842)

2012-09-2100:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
34

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.821 High

EPSS

Percentile

98.4%

JSON

The remote host is missing Internet Explorer (IE) Security Update 2744842.

The installed version of IE is affected by vulnerabilities that could allow an attacker to execute arbitrary code on the remote host.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(62223);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/08");

  script_cve_id(
    "CVE-2012-1529",
    "CVE-2012-2546",
    "CVE-2012-2548",
    "CVE-2012-2557",
    "CVE-2012-4969"
  );
  script_bugtraq_id(
    55562,
    55641,
    55645,
    55646,
    55647
  );
  script_xref(name:"CERT", value:"480095");
  script_xref(name:"MSFT", value:"MS12-063");
  script_xref(name:"MSKB", value:"2744842");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/22");

  script_name(english:"MS12-063: Cumulative Security Update for Internet Explorer (2744842)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing Internet Explorer (IE) Security Update
2744842.

The installed version of IE is affected by vulnerabilities that could
allow an attacker to execute arbitrary code on the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-063");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2012/2757760");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-200/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-199/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-198/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-007/");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524504/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/524505/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7,
and 2008 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4969");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS12-063';
kb = '2744842';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = ereg_replace(pattern:"^([A-Za-z]):.*", replace:"\1$", string:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);


if (
  # Windows 7 / 2008 R2
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.20557", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1",       file:"Mshtml.dll", version:"9.0.8112.16450", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.22099", min_version:"8.0.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mshtml.dll", version:"8.0.7601.17940", min_version:"8.0.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.21313", min_version:"8.0.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mshtml.dll", version:"8.0.7600.17115", min_version:"8.0.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / 2008
  #
  # - Internet Explorer 9
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.20557", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"9.0.8112.16450", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.23415", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"8.0.6001.19328", min_version:"8.0.6001.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.22920", min_version:"7.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Mshtml.dll", version:"7.0.6002.18686", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP 64-bit
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.23415", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"8.0.6001.19328", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.21316", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"7.0.6000.17114", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.5060",  min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  #
  # - Internet Explorer 8
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.23415", min_version:"8.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"8.0.6001.19328", min_version:"8.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 7
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.21316", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"7.0.6000.17114", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  # - Internet Explorer 6
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.6287",  min_version:"6.0.2900.0", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftiecpe:/a:microsoft:ie
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 1
openvas 2
mskb 1
cvelist 5
zdi 4
prion 5
nvd 5
checkpoint_advisories 5
seebug 4
cve 5
cert 1
threatpost 6
nessus 1
canvas 1
saint 4
attackerkb 3
cisa_kev 1
thn 7
cisa 1
securityvulns
securityvulns
Microsoft Internet Explorer memory corruption
2012-10-25 00:00:00
openvas
openvas
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760)
2012-09-18 00:00:00
mskb
mskb
MS12-063: Cumulative Security Update for Internet Explorer: September 21, 2012
2012-09-21 00:00:00
cvelist
cvelist
CVE-2012-2557
2012-09-21 21:00:00
CVE-2012-2548
2012-09-21 21:00:00
CVE-2012-4969
2012-09-18 10:00:00
zdi
zdi
Microsoft Internet Explorer CMarkup outerText Remote Code Execution Vulnerability
2012-12-21 00:00:00
Microsoft Internet Explorer Layout Remote Code Execution Vulnerability
2013-02-01 00:00:00
Microsoft Internet Explorer 9 CTreeNode Remote Code Execution Vulnerability
2012-12-21 00:00:00
prion
prion
Design/Logic Flaw
2012-09-21 21:55:00
Design/Logic Flaw
2012-09-18 10:39:00
Design/Logic Flaw
2012-09-21 21:55:00
nvd
nvd
CVE-2012-2557
2012-09-21 21:55:01
CVE-2012-2548
2012-09-21 21:55:01
CVE-2012-2546
2012-09-21 21:55:01
checkpoint_advisories
checkpoint_advisories
Internet Explorer cloneNode Use After Free Remote Code Execution (MS12-063; CVE-2012-2557)
2012-09-22 00:00:00
Internet Explorer Layout Use After Free Remote Code Execution (MS12-063; CVE-2012-2548)
2012-09-22 00:00:00
Internet Explorer execCommand Use-After-Free (CVE-2012-4969)
2012-09-19 00:00:00
seebug
seebug
Microsoft IE cloneNode释放后重用远程代码执行漏洞(MS12-063)
2012-09-24 00:00:00
Microsoft Internet Explorer 9.x 事件监听器释放后重用远程代码执行漏洞(MS12-063)
2012-09-24 00:00:00
Microsoft IE布局释放后重用远程代码执行漏洞(MS12-063)
2012-09-24 00:00:00
cve
cve
CVE-2012-2557
2012-09-21 21:55:01
CVE-2012-2548
2012-09-21 21:55:01
CVE-2012-4969
2012-09-18 10:39:14
cert
cert
Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability
2012-09-17 00:00:00
threatpost
threatpost
Another IE Exploit Targeting Defense Industry Discovered
2012-09-24 17:27:15
Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack
2013-01-02 21:41:29
IE Zero-Day Watering Hole Attack Expands to Handful of Political Sites
2013-01-03 22:02:04
nessus
nessus
MS KB2757760: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)
2012-09-19 00:00:00
canvas
canvas
Immunity Canvas: IE_EXECCOMMAND
2012-09-18 10:39:00
saint
saint
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
Internet Explorer CMshtmlEd execCommand Use After Free
2012-09-19 00:00:00
attackerkb
attackerkb
Microsoft Internet Explorer execCommand Use-After-Free
2012-09-18 00:00:00
CVE-2012-4969
2012-09-18 00:00:00
Microsoft Internet Explorer SetMouseCapture Use-After-Free
2020-10-14 00:00:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-06-08 00:00:00
thn
thn
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969
2012-09-19 20:08:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 12:23:00
CFR watering hole attack also target Capstone Turbine Corporation
2013-01-02 01:23:00
cisa
cisa
Microsoft Releases Security Advisory for Internet Explorer
2012-09-19 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.821 High

EPSS

Percentile

98.4%

JSON
Related for SMB_NT_MS12-063.NASL
securityvulns1openvas2mskb1cvelist5zdi4prion5nvd5checkpoint_advisories5seebug4cve5cert1threatpost6nessus1canvas1saint4attackerkb3cisa_kev1thn7cisa1