Vulnerabilities > CVE-2008-2255 - Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-399
critical
nessus

Summary

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
5

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS08-045.NASL
descriptionThe remote host is missing the IE cumulative security update 953838. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id33874
published2008-08-13
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/33874
titleMS08-045: Cumulative Security Update for Internet Explorer (953838)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(33874);
 script_version("1.28");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id(
  "CVE-2008-2254",
  "CVE-2008-2255",
  "CVE-2008-2256",
  "CVE-2008-2257",
  "CVE-2008-2258",
  "CVE-2008-2259"
 );
 script_bugtraq_id(28295, 30610, 30611, 30612, 30613, 30614);
 script_xref(name:"MSFT", value:"MS08-045");
 script_xref(name:"MSKB", value:"953838");

 script_name(english:"MS08-045: Cumulative Security Update for Internet Explorer (953838)");
 script_summary(english:"Determines the presence of update 953838");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
 script_set_attribute(attribute:"description", value:
"The remote host is missing the IE cumulative security update 953838.

The remote version of IE is vulnerable to several flaws that could allow
an attacker to execute arbitrary code on the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-045");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 399);

 script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/08/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS08-045';
kb       = '953838';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'1,2', vista:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.22212", min_version:"7.0.6001.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Mshtml.dll", version:"7.0.6001.18099", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.20868", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.16711", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.3167", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4324", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.20861", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.16705", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"7.0.6000.20861", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", file:"Mshtml.dll", version:"7.0.6000.16705", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.3395", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Mshtml.dll", version:"6.0.2900.5626", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1613", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"5.0.3866.2000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2014-08-18T04:05:59.772-04:00
classvulnerability
contributors
  • nameSudhir Gandhe
    organizationSecure Elements, Inc.
  • namePooja Shetty
    organizationSecPod Technologies
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Windows 2000 is installed
    ovaloval:org.mitre.oval:def:85
  • commentMicrosoft Internet Explorer 6 is installed
    ovaloval:org.mitre.oval:def:563
  • commentMicrosoft Windows 2000 is installed
    ovaloval:org.mitre.oval:def:85
  • commentMicrosoft Internet Explorer 5.01 SP4 is installed
    ovaloval:org.mitre.oval:def:325
  • commentMicrosoft Windows XP is installed
    ovaloval:org.mitre.oval:def:105
  • commentMicrosoft Windows XP (32-bit) is installed
    ovaloval:org.mitre.oval:def:1353
  • commentMicrosoft Internet Explorer 7 is installed
    ovaloval:org.mitre.oval:def:627
  • commentMicrosoft Windows XP is installed
    ovaloval:org.mitre.oval:def:105
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Server 2003 (ia64) Gold is installed
    ovaloval:org.mitre.oval:def:396
  • commentMicrosoft Internet Explorer 6 is installed
    ovaloval:org.mitre.oval:def:563
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (ia64) Gold is installed
    ovaloval:org.mitre.oval:def:396
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Internet Explorer 6 is installed
    ovaloval:org.mitre.oval:def:563
  • commentMicrosoft Windows Server 2003 (32-bit) is installed
    ovaloval:org.mitre.oval:def:1870
  • commentMicrosoft Windows Server 2003 (x64) is installed
    ovaloval:org.mitre.oval:def:730
  • commentMicrosoft Windows Server 2003 (ia64) Gold is installed
    ovaloval:org.mitre.oval:def:396
  • commentMicrosoft Windows XP x64 is installed
    ovaloval:org.mitre.oval:def:15247
  • commentMicrosoft Windows Vista is installed
    ovaloval:org.mitre.oval:def:228
  • commentMicrosoft Internet Explorer 7 is installed
    ovaloval:org.mitre.oval:def:627
  • commentMicrosoft Internet Explorer 7 is installed
    ovaloval:org.mitre.oval:def:627
  • commentMicrosoft Windows Vista (32-bit) is installed
    ovaloval:org.mitre.oval:def:1282
  • commentMicrosoft Windows Vista x64 Edition is installed
    ovaloval:org.mitre.oval:def:2041
  • commentMicrosoft Windows Server 2008 (32-bit) is installed
    ovaloval:org.mitre.oval:def:4870
  • commentMicrosoft Windows Server 2008 (64-bit) is installed
    ovaloval:org.mitre.oval:def:5356
  • commentMicrosoft Windows Server 2008 (ia-64) is installed
    ovaloval:org.mitre.oval:def:5667
descriptionMicrosoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
familywindows
idoval:org.mitre.oval:def:5602
statusaccepted
submitted2008-08-13T09:28:00
titleHTML Objects Memory Corruption Vulnerability
version74