Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS16-002.NASL
HistoryJan 12, 2016 - 12:00 a.m.

MS16-002: Cumulative Security Update for Microsoft Edge (3124904)

2016-01-1200:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.952

Percentile

99.4%

JSON

The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3124904. It is, therefore, affected by multiple remote code execution vulnerabilities :

  • A remote code execution vulnerability exists due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in execution of arbitrary code in the context of the current user.
    (CVE-2016-0003)

  • A remote code execution vulnerability exists in the Chakra JavaScript engine due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0024)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(87878);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2016-0003", "CVE-2016-0024");
  script_bugtraq_id(79893);
  script_xref(name:"MSFT", value:"MS16-002");
  script_xref(name:"MSKB", value:"3124263");
  script_xref(name:"MSKB", value:"3124266");

  script_name(english:"MS16-002: Cumulative Security Update for Microsoft Edge (3124904)");
  script_summary(english:"Checks the file version of edgehtml.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a web browser installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote host is missing
Cumulative Security Update 3124904. It is, therefore, affected by
multiple remote code execution vulnerabilities :

  - A remote code execution vulnerability exists due to
    improper handling of objects in memory. An attacker can
    exploit this vulnerability by convincing a user to visit
    a specially crafted website, resulting in execution of
    arbitrary code in the context of the current user.
    (CVE-2016-0003)

  - A remote code execution vulnerability exists in the
    Chakra JavaScript engine due to improper handling of
    objects in memory. An attacker can exploit this
    vulnerability by convincing a user to visit a specially
    crafted website, resulting in execution of arbitrary
    code in the context of the current user. (CVE-2016-0024)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-002");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 10.

Note that Windows 10 with Citrix XenDesktop installed will not be
offered the patch due to an issue with the XenDesktop software that
prevents users from logging on when the patch is applied. To apply the
patch you must first uninstall XenDesktop or contact Citrix for help
with the issue.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0024");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS16-002';
kbs = make_list('3124263', '3124266');

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Server core is not affected
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
# Windows 10
  hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.10586.63", min_version:"11.0.10586.0", dir:"\system32", bulletin:bulletin, kb:"3124263") ||
  hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.10240.16644", dir:"\system32", bulletin:bulletin, kb:"3124266")
)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Related

openvas 1
kaspersky 1
checkpoint_advisories 2
cvelist 2
symantec 2
nvd 2
github 1
osv 1
prion 2
cve 2
mskb 2
zdi 1
ibm 1
openvas
openvas
Microsoft Edge Multiple Vulnerabilities (3124904)
2016-01-13 00:00:00
kaspersky
kaspersky
KLA10740 Multiple vulnerabilities in Microsoft Internet Explorer and Edge
2016-01-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Scripting Engine Memory Corruption (MS16-002: CVE-2016-0024)
2016-01-12 00:00:00
Microsoft Edge Memory Corruption (MS16-002: CVE-2016-0003)
2016-01-12 00:00:00
cvelist
cvelist
CVE-2016-0024
2016-01-13 02:00:00
CVE-2016-0003
2016-01-13 02:00:00
symantec
symantec
Microsoft Edge CVE-2016-0024 Remote Memory Corruption Vulnerability
2016-01-12 00:00:00
Microsoft Edge CVE-2016-0003 Remote Memory Corruption Vulnerability
2016-01-12 00:00:00
nvd
nvd
CVE-2016-0024
2016-01-13 05:59:17
CVE-2016-0003
2016-01-13 05:59:02
github
github
ChakraCore RCE Vulnerability
2022-05-14 02:26:20
osv
osv
ChakraCore RCE Vulnerability
2022-05-14 02:26:20
prion
prion
Memory corruption
2016-01-13 05:59:00
Memory corruption
2016-01-13 05:59:00
cve
cve
CVE-2016-0024
2016-01-13 05:59:17
CVE-2016-0003
2016-01-13 05:59:02
mskb
mskb
MS16-002: Cumulative security update for Microsoft Edge: January 12, 2016
2016-01-12 00:00:00
MS16-003: Cumulative security update for JScript and VBScript to address remote code execution: January 12, 2016
2016-01-12 00:00:00
zdi
zdi
Microsoft Edge TextData Type Confusion Information Disclosure Vulnerability
2016-01-12 00:00:00
ibm
ibm
Security Bulletin: IBM TRIRIGA Application Platform is vulneraible to multiple vunerabilities [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248]
2023-07-28 19:57:26

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.952

Percentile

99.4%

JSON
Related for SMB_NT_MS16-002.NASL
openvas1kaspersky1checkpoint_advisories2cvelist2symantec2nvd2github1osv1prion2cve2mskb2zdi1ibm1