CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.3%
The version of Microsoft XML Core Services installed on the remote Windows host is affected by multiple code execution vulnerabilities when visiting a specially crafted web page using Internet Explorer.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(63420);
script_version("1.11");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id("CVE-2013-0006", "CVE-2013-0007");
script_bugtraq_id(57116, 57122);
script_xref(name:"MSFT", value:"MS13-002");
script_xref(name:"MSKB", value:"2687497");
script_xref(name:"MSKB", value:"2687499");
script_xref(name:"MSKB", value:"2757638");
script_xref(name:"MSKB", value:"2758694");
script_xref(name:"MSKB", value:"2758696");
script_xref(name:"MSKB", value:"2760574");
script_xref(name:"IAVA", value:"2013-A-0004");
script_name(english:"MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)");
script_summary(english:"Checks the versions of Msxml3.dll, Msxml4.dll, and Msxml6.dll");
script_set_attribute(
attribute:"synopsis",
value:
"Arbitrary code can be executed on the remote host through Microsoft XML
Core Services."
);
script_set_attribute(
attribute:"description",
value:
"The version of Microsoft XML Core Services installed on the remote
Windows host is affected by multiple code execution vulnerabilities when
visiting a specially crafted web page using Internet Explorer."
);
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-002");
script_set_attribute(
attribute:"solution",
value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2, 8, 2012, Office 2003, 2007, Word Viewer, Office
Compatibility Pack, Expression Web Service, Expression Web 2, SharePoint
Server 2007 and Groove Server 2007."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/08");
script_set_attribute(attribute:"patch_publication_date", value:"2013/01/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:xml_core_services");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:expression_web");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:groove_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_viewer");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS13-002';
kbs = make_list(
"2687497",
"2687499",
"2757638",
"2758694",
"2758696",
"2760574"
);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (!is_accessible_share()) audit(AUDIT_SHARE_FAIL, 'is_accessible_share');
vuln = 0;
arch = get_kb_item_or_exit("SMB/ARCH");
if (arch == "x86")
commonfiles = hotfix_get_commonfilesdir();
else commonfiles = hotfix_get_commonfilesdirx86();
if (commonfiles)
msxml5_dir = commonfiles + '\\Microsoft Shared\\Office11';
# XML Core Services 5 (this could be one of three KBs - KB2760574, KB2687497, KB2687499)
if (msxml5_dir)
vuln += hotfix_is_vulnerable(path:msxml5_dir, file:"Msxml5.dll", version:"5.20.1099.0", min_version:"5.0.0.0", bulletin:bulletin);
# If a vulnerable version of XML Core Services 5 was detected, we should report on that
# regardless of the OS version.
if ((hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0))
{
if (!vuln) audit(AUDIT_OS_SP_NOT_VULN);
}
else
{
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
# Windows 8 / Server 2012
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.16447", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.9200.20551", min_version:"8.110.9200.20000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml6.dll", version:"6.30.9200.16447", min_version:"6.30.9200.16000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.2", sp:0, file:"Msxml6.dll", version:"6.30.9200.20551", min_version:"6.30.9200.20000", dir:"\System32", bulletin:bulletin, kb:"2757638");
# Windows 7 / Server 2008 R2
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.17157", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml6.dll", version:"6.30.7600.21360", min_version:"6.30.7600.21000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.17988", min_version:"6.30.7601.17000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml6.dll", version:"6.30.7601.22149", min_version:"6.30.7601.22000", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.17157", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:0, file:"Msxml3.dll", version:"8.110.7600.21360", min_version:"8.110.7600.21000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.17988", min_version:"8.110.7601.17000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", arch:"x64", sp:1, file:"Msxml3.dll", version:"8.110.7601.22149", min_version:"8.110.7601.22000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Msxml6.dll", version:"6.30.7600.17157", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Msxml6.dll", version:"6.30.7600.21360", min_version:"6.30.7600.21000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Msxml6.dll", version:"6.30.7601.17988", min_version:"6.30.7601.17000", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Msxml6.dll", version:"6.30.7601.22149", min_version:"6.30.7601.22000", dir:"\System32", bulletin:bulletin, kb:"2757638");
# Vista / Windows Server 2008
vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.5006.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml6.dll", version:"6.20.5006.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.0", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.5006.0", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Msxml6.dll", version:"6.20.5006.0", dir:"\System32", bulletin:bulletin, kb:"2757638");
# Windows 2003 and XP x64
vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml6.dll", version:"6.20.2016.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758696");
vuln += hotfix_is_vulnerable(os:"5.2", arch:"x64", sp:2, file:"Msxml3.dll", version:"8.100.1053.0", dir:"\System32", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Msxml6.dll", version:"6.20.2016.0", dir:"\System32", bulletin:bulletin, kb:"2758696");
# Windows XP
vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"5.1", arch:"x64", sp:3, file:"Msxml6.dll", version:"6.20.2502.0", dir:"\SysWOW64", bulletin:bulletin, kb:"2757638");
vuln += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Msxml4.dll", version:"4.30.2117.0", min_version:"4.30.0.0", dir:"\System32", bulletin:bulletin, kb:"2758694");
vuln += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Msxml6.dll", version:"6.20.2502.0", dir:"\System32", bulletin:bulletin, kb:"2757638");
}
if (vuln > 0)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}