Vulnerabilities > CVE-2012-0176 - Resource Management Errors vulnerability in Microsoft Silverlight
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Msbulletin
| bulletin_id | MS12-034 |
| bulletin_url | |
| date | 2012-05-08T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2681578 |
| knowledgebase_url | |
| severity | Critical |
| title | Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS12-034.NASL description The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402) - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159) - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162) - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164) - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165) - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167) - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848) last seen 2020-06-01 modified 2020-06-02 plugin id 59042 published 2012-05-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59042 title MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(59042); script_version("1.49"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id( "CVE-2011-3402", "CVE-2012-0159", "CVE-2012-0162", "CVE-2012-0164", "CVE-2012-0165", "CVE-2012-0167", "CVE-2012-0176", "CVE-2012-0180", "CVE-2012-0181", "CVE-2012-1848" ); script_bugtraq_id( 50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358, 53360, 53363 ); script_xref(name:"MSFT", value:"MS12-034"); script_xref(name:"IAVA", value:"2012-A-0079"); script_xref(name:"EDB-ID", value:"18894"); script_xref(name:"ZDI", value:"ZDI-12-131"); script_xref(name:"MSKB", value:"2589337"); script_xref(name:"MSKB", value:"2596672"); script_xref(name:"MSKB", value:"2596792"); script_xref(name:"MSKB", value:"2598253"); script_xref(name:"MSKB", value:"2636927"); script_xref(name:"MSKB", value:"2656405"); script_xref(name:"MSKB", value:"2656407"); script_xref(name:"MSKB", value:"2656409"); script_xref(name:"MSKB", value:"2656410"); script_xref(name:"MSKB", value:"2656411"); script_xref(name:"MSKB", value:"2658846"); script_xref(name:"MSKB", value:"2659262"); script_xref(name:"MSKB", value:"2660649"); script_xref(name:"MSKB", value:"2676562"); script_xref(name:"MSKB", value:"2686509"); script_xref(name:"MSKB", value:"2690729"); script_name(english:"MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)"); script_summary(english:"Checks the version of multiple files."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data. (CVE-2011-3402) - A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159) - A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162) - A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2012-0164) - A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165) - A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167) - A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0180) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181) - A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-12-131/"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Aug/60"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-034"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0, 3.5.1, and 4.0; and Silverlight 4 and 5."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:silverlight"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies( "smb_hotfixes.nasl", "office_installed.nasl", "silverlight_detect.nasl", "ms_bulletin_checks_possible.nasl" ); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS12-034'; kbs = make_list( '2589337', '2596672', '2596672', '2596792', '2598253', '2636927', '2656405', '2656407', '2656409', '2656410', '2656411', '2658846', '2659262', '2660649', '2676562', '2686509', '2690729' ); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); vuln = 0; ####################### # KB2686509 # ####################### winver = get_kb_item('SMB/WindowsVersion'); spver = get_kb_item('SMB/CSDVersion'); prodname = get_kb_item('SMB/ProductName'); if (spver) spver = int(ereg_replace(string:spver, pattern:'.*Service Pack ([0-9]).*', replace:"\1")); if ( winver && spver && prodname && ((winver == '5.2' && spver == 2) || (winver == '5.1' && spver == 3)) ) { if (winver == '5.2' && spver == 2 && 'XP' >< prodname) reg_name = "SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2686509\Description"; else if (winver == '5.2' && spver == 2) reg_name = "SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2686509\Description"; else if (winver == '5.1' && spver == 3) reg_name = "SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2686509\Description"; registry_init(); hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); desc = get_registry_value(handle:hklm, item:reg_name); RegCloseKey(handle:hklm); close_registry(); if (isnull(desc)) { hotfix_add_report(' According to the registry, KB2686509 is missing.\n', bulletin:bulletin, kb:"2686509"); vuln++; } } rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); path = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1$", string:rootfile); login = kb_smb_login(); pass = kb_smb_password(); domain = kb_smb_domain(); port = kb_smb_transport(); if(! smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init"); hcf_init = TRUE; get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); office_versions = hotfix_check_office_version(); cdir = hotfix_get_commonfilesdir(); ################################################################ # Office Checks # ################################################################ ############################# # Office 2003 SP3 KB2598253 # ############################# if (office_versions["11.0"]) { office_sp = get_kb_item("SMB/Office/2003/SP"); if (!isnull(office_sp) && office_sp == 3) { path = hotfix_get_officeprogramfilesdir(officever:'11.0') + "\Microsoft Office\Office11"; if (hotfix_is_vulnerable(file:"Gdiplus.dll", version:"11.0.8345.0", min_version:"11.0.0.0", path:path, bulletin:bulletin, kb:'2598253')) vuln++; } } ############################# # Office 2007 SP2 # # KB2596672, KB2596792 # ############################# if (office_versions["12.0"]) { office_sp = get_kb_item("SMB/Office/2007/SP"); if (!isnull(office_sp) && (office_sp == 2 || office_sp == 3)) { path = cdir + "\Microsoft Shared\Office12"; if (hotfix_is_vulnerable(file:"Ogl.dll", version:"12.0.6659.5000", path:path, bulletin:bulletin, kb:'2596672')) vuln++; path = cdir + "\Microsoft SHared\MODI\12.0"; if (hotfix_is_vulnerable(file:"Mspcore.dll", version:"12.0.6658.5001", path:path, bulletin:bulletin, kb:'2596792')) vuln++; } } ############################# # Office 2010 KB2589337 # ############################# if (office_versions["14.0"]) { office_sp = get_kb_item("SMB/Office/2010/SP"); if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1)) { path = cdir + "\Microsoft Shared\Office14"; if (hotfix_is_vulnerable(file:"Ogl.dll", version:"14.0.6117.5001", path:path, bulletin:bulletin, kb:'2589337')) vuln++; } } # Silverlight 4.x / 5.x slfix = NULL; slkb = NULL; ver = get_kb_item("SMB/Silverlight/Version"); if (ver =~ '^4\\.' && ver_compare(ver:ver, fix:'4.1.10329.0') == -1) { slfix = '4.1.10329'; slkb = '2690729'; } else if (ver =~ '^5\\.' && ver_compare(ver:ver, fix:'5.1.10411.0') == -1) { slfix = '5.1.10411'; slkb = '2636927'; } if (slfix) { path = get_kb_item("SMB/Silverlight/Path"); report += '\n Product : Microsoft Silverlight' + '\n Path : ' + path + '\n Installed version : ' + ver + '\n Fixed version : ' + slfix + '\n'; hotfix_add_report(report, bulletin:bulletin, kb:slkb); vuln++; } if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) { if (vuln > 0) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else audit(AUDIT_OS_SP_NOT_VULN); } if (!is_accessible_share()) exit(1, "is_accessible_share() failed."); ################################################################ # .NET Framework Checks # ################################################################ net3path = hotfix_get_programfilesdir() + "\Reference Assemblies\Microsoft\Framework\v3.0"; if (!isnull(net3path)) { # .NET Framework 3.0 on Windows XP / Windows Server 2003 missing = 0; missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"3.0.6920.4021", min_version:"3.0.6920.0", dir:net3path); missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"3.0.6920.5810", min_version:"3.0.6920.5700", dir:net3path); missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"3.0.6920.4021", min_version:"3.0.6920.0", dir:net3path); missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"3.0.6920.5810", min_version:"3.0.6920.5700", dir:net3path); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656407"); vuln += missing; # .NET Framework 3.0 on Windows Vista / Windows Server 2008 missing = 0; missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"3.0.6920.4213", min_version:"3.0.6920.0", dir:net3path); missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"3.0.6920.5794", min_version:"3.0.6920.5700", dir:net3path); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656409"); vuln += missing; # .NET Framework 3.5.1 on Windows 7 / Server 2008 R2 missing = 0; missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"PresentationCore.dll", version:"3.0.6920.5809", min_version:"3.0.6920.5700", dir:net3path); missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"PresentationCore.dll", version:"3.0.6920.5005", min_version:"3.0.6920.5000", dir:net3path); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656410"); vuln += missing; # .NET Framework 3.5.1 on Windows 7 SP1 / Server 2008 R2 SP1 missing = 0; missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"PresentationCore.dll", version:"3.0.6920.5794", min_version:"3.0.6920.5700", dir:net3path); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"PresentationCore.dll", version:"3.0.6920.5448", min_version:"3.0.6920.5000", dir:net3path); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2633873"); vuln += missing; } # .NET Framework 4.0 on all supported versions of Windows missing = 0; missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"5.1", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"5.2", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"6.0", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"6.1", file:"PresentationCore.dll", version:"4.0.30319.275", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"6.1", file:"PresentationCore.dll", version:"4.0.30319.550", min_version:"4.0.30319.400", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2656405"); vuln += missing; ################################################################ # Windows Checks # ################################################################ ####################### # KB2676562 # ####################### missing = 0; # Windows 7 / 2008 R2 missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.21955", min_version:"6.1.7601.21000", dir:"\system32"); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.17803", min_version:"6.1.7601.17000", dir:"\system32"); missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.21179", min_version:"6.1.7600.20000", dir:"\system32"); missing += hotfix_is_vulnerable(os:"6.1", sp:0, file:"Win32k.sys", version:"6.1.7600.16988", min_version:"6.1.7600.16000", dir:"\system32"); # Windows Vista / 2008 missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.22831", min_version:"6.0.6002.22000", dir:"\system32"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.18607", min_version:"6.0.6002.18000", dir:"\system32"); # Windows 2003 / XP 64-bit missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"Win32k.sys", version:"5.2.3790.4980", dir:"\system32"); # Windows XP 32-bit missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"Win32k.sys", version:"5.1.2600.6206", dir:"\system32"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:'2676562'); vuln+= missing; ################################ # WinSxS Checks # ################################ winsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:"\1\WinSxS", string:rootfile); ####################### # KB2659262 # ####################### kb = '2659262'; files = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft.windows.gdiplus', file_pat:'^gdiplus\\.dll$'); # Windows XP / 2003 vuln += hotfix_check_winsxs(os:'5.1', sp:3, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb); vuln += hotfix_check_winsxs(os:'5.2', sp:2, files:files, versions:make_list('5.2.6002.22791'), bulletin:bulletin, kb:kb); # Windows Vista / 2008 versions = make_list('5.2.6002.18581', '5.2.6002.22795', '6.0.6002.18581', '6.0.6002.22795'); max_versions = make_list('5.2.6002.20000', '5.2.6002.99999', '6.0.6002.20000', '6.0.6002.99999'); vuln += hotfix_check_winsxs(os:'6.0', sp:2, files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb); # Windows 7 / 2008 R2 versions = make_list('5.2.7600.17007', '5.2.7600.21198', '5.2.7601.17825', '5.2.7601.21977', '6.1.7600.17007', '6.1.7600.21198', '6.1.7601.17825', '6.1.7601.21977'); max_versions = make_list('5.2.7600.20000', '5.2.7600.99999', '5.2.7601.20000', '5.2.7601.99999', '6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', '6.1.7601.99999'); vuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb); ####################### # KB2658846 # ####################### kb = '2658846'; files = list_dir(basedir:winsxs, level:0, dir_pat:'microsoft-windows-directwrite', file_pat:'^Dwrite\\.dll$'); # Windows Vista / Windows Server 2008 vuln += hotfix_check_winsxs(os:'6.0', files:files, versions:make_list('7.0.6002.18592', '7.0.6002.22807'), max_versions:make_list('7.0.6002.20000', '7.0.6002.99999'), bulletin:bulletin, kb:kb); # Windows 7 2008 R2 versions = make_list('6.1.7600.16972', '6.1.7600.21162', '6.1.7601.17789', '6.1.7601.21935'); max_versions = make_list('6.1.7600.20000', '6.1.7600.99999', '6.1.7601.20000', ''); vuln += hotfix_check_winsxs(os:'6.1', files:files, versions:versions, max_versions:max_versions, bulletin:bulletin, kb:kb); ####################### # KB2660649 # ####################### kb = '2660649'; # Windows XP / Windows Server 2003 #(hotfix_check_sp(xp:4, win2003:3) > 0 && (version_cmp(a:ver, b:'1.7.2600.6189') >= 0)) || base_path = hotfix_get_programfilesdir(); if (!base_path) base_path = hotfix_get_programfilesdirx86(); if (!base_path) audit(AUDIT_PATH_NOT_DETERMINED, "Common Files"); full_path = hotfix_append_path(path:base_path, value:"\windows journal"); if ( # Vista hotfix_is_vulnerable(os:"6.0", sp:2, file:"jnwdrv.dll", version:"0.3.6002.22789", min_version:"0.3.6002.20000", path:full_path, bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.0", sp:2, file:"jnwdrv.dll", version:"0.3.6002.18579", min_version:"0.3.6002.18000", path:full_path, bulletin:bulletin, kb:kb) || # Windows 7 hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7601.21955", min_version:"0.3.7601.18000", path:full_path, bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7601.17803", min_version:"0.3.7601.16000", path:full_path, bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7600.21179", min_version:"0.3.7600.18000", path:full_path, bulletin:bulletin, kb:kb) || hotfix_is_vulnerable(os:"6.1", sp:1, file:"jnwdrv.dll", version:"0.3.7600.16988", min_version:"0.3.7600.16000", path:full_path, bulletin:bulletin, kb:kb) ) vuln += 1; hotfix_check_fversion_end(); ####################### # Report # ####################### if (vuln > 0) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family MacOS X Local Security Checks NASL id MACOSX_MS12-034.NASL description The version of Microsoft Silverlight installed on the remote host is reportedly affected by several vulnerabilities : - Incorrect handling of TrueType font (TTF) files could lead to arbitrary code execution. (CVE-2011-3402 / CVE-2012-0159) - A double-free condition leading to arbitrary code execution could be triggered when rendering specially crafted XAML glyphs. (CVE-2012-0176) last seen 2020-06-01 modified 2020-06-02 plugin id 59045 published 2012-05-09 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59045 title MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) (Mac OS X)
Oval
| accepted | 2013-04-22T04:00:10.921-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:15574 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2012-05-08T13:00:00 | ||||||||||||
| title | Silverlight Double-Free Vulnerability | ||||||||||||
| version | 8 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 53360 CVE ID: CVE-2012-0176 Microsoft Silverlight是跨浏览器、跨平台的.NET实现,用于为Web构建媒体体验和交互应用。 Microsoft Silverlight 中存在一个远程执行代码漏洞,它可能允许特制的 Silverlight 应用程序以不安全的方式访问内存。成功利用此漏洞的攻击者可以在登录用户的安全上下文中运行任意代码。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 0 Microsoft Silverlight 4.0 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS12-034)以及相应补丁: MS12-034:Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) 链接:http://www.microsoft.com/technet/security/bulletin/MS12-034.asp |
| id | SSV:60105 |
| last seen | 2017-11-19 |
| modified | 2012-05-09 |
| published | 2012-05-09 |
| reporter | Root |
| title | Microsoft Silverlight双重释放远程代码执行漏洞(CVE-2012-0176)(MS12-034) |
References
- http://secunia.com/advisories/49122
- http://www.securityfocus.com/bid/53360
- http://www.securitytracker.com/id?1027040
- http://www.us-cert.gov/cas/techalerts/TA12-129A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15574