Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.SMB_NT_MS15-091.NASL
HistoryAug 11, 2015 - 12:00 a.m.

MS15-091: Cumulative Security Update for Microsoft Edge (3084525)

2015-08-1100:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
36

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.641 Medium

EPSS

Percentile

97.9%

JSON

The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3081436. It is, therefore, affected by multiple vulnerabilities :

  • Multiple memory corruption issues exist due to improper access to objects in memory resulting from insufficient validation of user-supplied input. A remote attacker, using a specially crafted website, can exploit these issues to execute arbitrary code in the context of the current user. (CVE-2015-2441, CVE-2015-2442, CVE-2015-2446)

  • A security feature bypass vulnerability exists due to a failure to use Address Space Layout Randomization (ASLR). An attacker can exploit this to predict memory offsets in a call stack. (CVE-2015-2449)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85324);
  script_version("1.11");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id(
    "CVE-2015-2441",
    "CVE-2015-2442",
    "CVE-2015-2446",
    "CVE-2015-2449"
  );
  script_bugtraq_id(
    76193,
    76196,
    76197,
    76199
  );
  script_xref(name:"MSFT", value:"MS15-091");
  script_xref(name:"MSKB", value:"3081436");

  script_name(english:"MS15-091: Cumulative Security Update for Microsoft Edge (3084525)");
  script_summary(english:"Checks the file version of edgehtml.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote host is missing
Cumulative Security Update 3081436. It is, therefore, affected by
multiple vulnerabilities :

  - Multiple memory corruption issues exist due to improper
    access to objects in memory resulting from insufficient
    validation of user-supplied input. A remote attacker,
    using a specially crafted website, can exploit these
    issues to execute arbitrary code in the context of the
    current user. (CVE-2015-2441, CVE-2015-2442,
    CVE-2015-2446)

  - A security feature bypass vulnerability exists due to
    a failure to use Address Space Layout Randomization
    (ASLR). An attacker can exploit this to predict memory
    offsets in a call stack. (CVE-2015-2449)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-091");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 10.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS15-091';
kb = '3081436'; # Cumulative update for Windows 10: August 11, 2015

kbs = make_list(kb);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Server core is not affected
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 10
  hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.10240.16428", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftedgecpe:/a:microsoft:edge

Related

openvas 2
mskb 2
symantec 4
kaspersky 2
nessus 1
checkpoint_advisories 2
nvd 7
cve 7
prion 7
cvelist 7
securityvulns 1
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (3084525)
2016-01-08 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (3082442)
2015-08-12 00:00:00
mskb
mskb
MS15-091: Cumulative security update for Microsoft Edge: August 11, 2015
2015-08-11 00:00:00
MS15-079: Cumulative security update for Internet Explorer: August 11, 2015
2015-08-11 00:00:00
symantec
symantec
Microsoft Internet Explorer and Edge CVE-2015-2441 Remote Memory Corruption Vulnerability
2015-08-11 00:00:00
Microsoft Internet Explorer and Edge CVE-2015-2442 Remote Memory Corruption Vulnerability
2015-08-11 00:00:00
Microsoft Internet Explorer and Edge CVE-2015-2446 Remote Memory Corruption Vulnerability
2015-08-11 00:00:00
kaspersky
kaspersky
KLA10648 Multiple vulnerabilities in Internet Explorer
2015-08-11 00:00:00
KLA10646 Multiple vulnerabilities in Microsoft Windows
2015-08-11 00:00:00
nessus
nessus
MS15-079: Cumulative Security Update for Internet Explorer (3082442)
2015-08-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS15-079: CVE-2015-2442)
2015-08-11 00:00:00
Microsoft Internet Explorer Memory Corruption (MS15-079: CVE-2015-2446)
2015-08-11 00:00:00
nvd
nvd
CVE-2015-2449
2015-08-14 10:59:08
CVE-2015-2441
2015-08-14 10:59:00
CVE-2015-2452
2015-08-14 10:59:11
cve
cve
CVE-2015-2449
2015-08-14 10:59:08
CVE-2015-2441
2015-08-14 10:59:00
CVE-2015-2452
2015-08-14 10:59:11
prion
prion
Security feature bypass
2015-08-14 10:59:00
Memory corruption
2015-08-14 10:59:00
Memory corruption
2015-08-14 10:59:00
cvelist
cvelist
CVE-2015-2449
2015-08-14 10:00:00
CVE-2015-2452
2015-08-14 10:00:00
CVE-2015-2441
2015-08-14 10:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.641 Medium

EPSS

Percentile

97.9%

JSON
Related for SMB_NT_MS15-091.NASL
openvas2mskb2symantec4kaspersky2nessus1checkpoint_advisories2nvd7cve7prion7cvelist7securityvulns1