4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
58.4%
The remote Windows host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in Windows DVD Maker due to improper parsing of .msdvd files. An unauthenticated, remote attacker can exploit this issue, by convincing a user to execute a specially crafted application, to disclose sensitive information.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(97734);
script_version("1.11");
script_cvs_date("Date: 2019/11/13");
script_cve_id("CVE-2017-0045");
script_bugtraq_id(96103);
script_xref(name:"MSFT", value:"MS17-020");
script_xref(name:"MSKB", value:"3205715");
script_xref(name:"MSKB", value:"4012212");
script_xref(name:"MSKB", value:"4012215");
script_xref(name:"IAVB", value:"2017-B-0030");
script_name(english:"MS17-020: Security Update for Windows DVD Maker (3208223)");
script_summary(english:"Checks the version of dvdmaker.exe or the installed rollup.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by an information disclosure
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is missing a security update. It is,
therefore, affected by an information disclosure vulnerability in
Windows DVD Maker due to improper parsing of .msdvd files. An
unauthenticated, remote attacker can exploit this issue, by convincing
a user to execute a specially crafted application, to disclose
sensitive information.");
script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/MS17-020");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista and 7.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-0045");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/14");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "smb_check_rollup.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS17-020';
kbs = make_list(
'3205715',
'4012212',
'4012215'
);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
get_kb_item_or_exit("SMB/Registry/Enumerated");
version = get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(vista:'2', win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
# Windows Server 2008 and 2008 R2 are not affected.
if ("Server 2008" >< productname) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
vuln = 0;
# Windows Vista
if ("6.0" >< version) {
path = hotfix_get_programfilesdir();
path = hotfix_append_path(path:path, value:"\Movie Maker\");
if (
(hotfix_check_fversion(file:"dvdmaker.exe", version:"6.0.6002.19725", min_version:"6.0.6002.18000", path:path, bulletin:bulletin, kb:'3205715', product:'Windows DVD Maker') == HCF_OLDER) ||
(hotfix_check_fversion(file:"dvdmaker.exe", version:"6.0.6002.24048", min_version:"6.0.6002.23000", path:path, bulletin:bulletin, kb:'3205715', product:'Windows DVD Maker') == HCF_OLDER)
) vuln++;
}
# Windows 7
if (smb_check_rollup(os:"6.1",
sp:1,
rollup_date: "03_2017",
bulletin:bulletin,
rollup_kb_list:make_list(4012212, 4012215))
) vuln++;
if (vuln)
{
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
hotfix_security_warning();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
58.4%