Cumulative Security Update for Internet Explorer (939653)

2010-07-0800:00:00

plugins.openvas.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.921

Percentile

99.0%

JSON

This critical security update resolves three privately reported
vulnerabilities and one publicly disclosed vulnerability.
The vulnerability with the most serious security impact could allow
remote code execution if a user viewed a specially crafted Web page
using Internet Explorer. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users
who operate with administrative user rights.

# SPDX-FileCopyrightText: 2010 LSS
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.102060");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)");
  script_cve_id("CVE-2007-3892", "CVE-2007-3893", "CVE-2007-3826");
  script_name("Cumulative Security Update for Internet Explorer (939653)");
  script_xref(name:"URL", value:"http://secunia.com/secunia_research/2007-1/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/24911");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/25915");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/25916");
  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 LSS");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("MS/IE/Version");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"summary", value:"This critical security update resolves three privately reported
  vulnerabilities and one publicly disclosed vulnerability.
  The vulnerability with the most serious security impact could allow
  remote code execution if a user viewed a specially crafted Web page
  using Internet Explorer. Users whose accounts are configured to have
  fewer user rights on the system could be less impacted than users
  who operate with administrative user rights.");

  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057");

  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp( win2k:5 ,xp:4 ,win2003:3 ,vista:3 ) <= 0){
  exit(0);
}

ieVer = get_kb_item("MS/IE/Version");
if(!ieVer){
  exit(0);
}

# MS07-033 Hotfix (939653)
if(hotfix_missing(name:"939653") == 0){
  exit(0);
}

dllPath = registry_get_sz(item:"Install Path", key:"SOFTWARE\Microsoft\COM3\Setup");
dllPath += "\mshtml.dll";
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);

vers = GetVer(file:file, share:share);
if(!vers){
  exit(0);
}

#CVE-2007-3892, CVE-2007-3893, CVE-2007-3826
if(hotfix_check_sp(win2k:5) > 0)
{
  SP = get_kb_item("SMB/Win2K/ServicePack");
  if("Service Pack 4" >< SP)
  {
    if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3856.1700") ||
       version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1601")){
     security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}
else if(hotfix_check_sp(xp:4) > 0)
{
  SP = get_kb_item("SMB/WinXP/ServicePack");
  if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3199") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 1" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.2993") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
  else if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3199") ||
       version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4134") ||
       version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
  else if("Service Pack 0" >< SP)
  {
    if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.2993")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

else if(hotfix_check_sp(vista:2) > 0)
{
  SP = get_kb_item("SMB/WinVista/ServicePack");
  if("Service Pack 0" >< SP)
  {
    if(version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16546")){
      security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
    }
  }
}

exit(99);