CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.0%
This critical security update resolves three privately reported
vulnerabilities and one publicly disclosed vulnerability.
The vulnerability with the most serious security impact could allow
remote code execution if a user viewed a specially crafted Web page
using Internet Explorer. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users
who operate with administrative user rights.
# SPDX-FileCopyrightText: 2010 LSS
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.102060");
script_version("2023-08-01T13:29:10+0000");
script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
script_tag(name:"creation_date", value:"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)");
script_cve_id("CVE-2007-3892", "CVE-2007-3893", "CVE-2007-3826");
script_name("Cumulative Security Update for Internet Explorer (939653)");
script_xref(name:"URL", value:"http://secunia.com/secunia_research/2007-1/");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/24911");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/25915");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/25916");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 LSS");
script_family("Windows : Microsoft Bulletins");
script_dependencies("gb_ms_ie_detect.nasl");
script_require_ports(139, 445);
script_mandatory_keys("MS/IE/Version");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"summary", value:"This critical security update resolves three privately reported
vulnerabilities and one publicly disclosed vulnerability.
The vulnerability with the most serious security impact could allow
remote code execution if a user viewed a specially crafted Web page
using Internet Explorer. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users
who operate with administrative user rights.");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(hotfix_check_sp( win2k:5 ,xp:4 ,win2003:3 ,vista:3 ) <= 0){
exit(0);
}
ieVer = get_kb_item("MS/IE/Version");
if(!ieVer){
exit(0);
}
# MS07-033 Hotfix (939653)
if(hotfix_missing(name:"939653") == 0){
exit(0);
}
dllPath = registry_get_sz(item:"Install Path", key:"SOFTWARE\Microsoft\COM3\Setup");
dllPath += "\mshtml.dll";
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);
vers = GetVer(file:file, share:share);
if(!vers){
exit(0);
}
#CVE-2007-3892, CVE-2007-3893, CVE-2007-3826
if(hotfix_check_sp(win2k:5) > 0)
{
SP = get_kb_item("SMB/Win2K/ServicePack");
if("Service Pack 4" >< SP)
{
if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3856.1700") ||
version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1601")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
}
else if(hotfix_check_sp(xp:4) > 0)
{
SP = get_kb_item("SMB/WinXP/ServicePack");
if("Service Pack 2" >< SP)
{
if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3199") ||
version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
}
else if(hotfix_check_sp(win2003:3) > 0)
{
SP = get_kb_item("SMB/Win2003/ServicePack");
if("Service Pack 1" >< SP)
{
if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.2993") ||
version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
else if("Service Pack 2" >< SP)
{
if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2900.3199") ||
version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4134") ||
version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16544")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
else if("Service Pack 0" >< SP)
{
if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.2993")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
}
else if(hotfix_check_sp(vista:2) > 0)
{
SP = get_kb_item("SMB/WinVista/ServicePack");
if("Service Pack 0" >< SP)
{
if(version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16546")){
security_message( port: 0, data: "The target host was found to be vulnerable" ); exit(0);
}
}
}
exit(99);