Vulnerabilities > CVE-2012-1766 - Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0
Summary
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. This is a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. Per the Oracle advisory at http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html: 'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Msbulletin
bulletin_id: MS12-067; bulletin_url: ; date: 2012-10-09T00:00:00; impact: Remote Code Execution; knowledgebase_id: 2742321; knowledgebase_url: ; severity: Important; title: Vulnerability in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
bulletin_id: MS12-058; bulletin_url: ; date: 2012-08-14T00:00:00; impact: Remote Code Execution; knowledgebase_id: 2740358; knowledgebase_url: ; severity: Critical; title: Vulnerability in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS12-067.NASL description The remote host is using a vulnerable version of FAST Search Server 2010 for SharePoint. When the Advanced Filter Pack is enabled, vulnerable versions of the Oracle Outside In libraries are used to parse files. An attacker could exploit this by uploading a malicious file to a site using FAST Search to index, which could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 62462 published 2012-10-10 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62462 title MS12-067: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) code
#
# (C) Tenable Network Security, Inc.
#
# Local check for MS12-067: looks up the FAST Search Server 2010 for SharePoint
# install path in the KB and compares the version of <path>\bin\Sccfa.dll
# against 8.3.7.171 through hotfix_is_vulnerable().
#

include("compat.inc");

if (description)
{
  script_id(62462);
  script_version("1.19");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-1766",
    "CVE-2012-1767",
    "CVE-2012-1768",
    "CVE-2012-1769",
    "CVE-2012-1770",
    "CVE-2012-1771",
    "CVE-2012-1772",
    "CVE-2012-1773",
    "CVE-2012-3106",
    "CVE-2012-3107",
    "CVE-2012-3108",
    "CVE-2012-3109",
    "CVE-2012-3110"
  );
  script_bugtraq_id(
    54497,
    54500,
    54504,
    54506,
    54511,
    54531,
    54536,
    54541,
    54543,
    54546,
    54548,
    54550,
    54554
  );
  script_xref(name:"CERT", value:"118913");
  script_xref(name:"MSFT", value:"MS12-067");
  script_xref(name:"Secunia", value:"49936");
  script_xref(name:"MSKB", value:"2553402");

  script_name(english:"MS12-067: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)");
  script_summary(english:"Checks version of Sccfa.dll");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Windows host is affected by multiple code execution vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is using a vulnerable version of FAST Search Server 2010 for SharePoint. When the Advanced Filter Pack is enabled, vulnerable versions of the Oracle Outside In libraries are used to parse files. An attacker could exploit this by uploading a malicious file to a site using FAST Search to index, which could result in arbitrary code execution."
  );
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2012/2737111");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-067");
  script_set_attribute(
    attribute:"solution",
    value:"Microsoft has released a set of patches for FAST Search Server 2010."
  );

  # The base vector is attributed to CVE-2012-3110 (cvss_score_source) and is
  # local / availability-only, while the bulletin title speaks of remote code
  # execution; results from this plugin are raised as a security note below.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3110");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-497");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "fast_search_server_installed.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS12-067';
kb = '2553402';
kbs = make_list(kb);

# When the KB carries patch-management results, pass the bulletin and its KB
# list to hotfix_check_3rd_party() before the file-version check.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
}

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Only the "forSharePoint" product type is in scope; for any other product
# type fast_path is never assigned and the audit below reports "not installed".
if (get_kb_item('SMB/fast_search_server/prodtype') == 'forSharePoint')
{
  fast_path = get_kb_item('SMB/fast_search_server/path');
}
if (isnull(fast_path))
{
  audit(AUDIT_NOT_INST, 'FAST Search Server for SharePoint');
}

# Build "<install path>\bin", adding the separator only when it is missing.
if (fast_path[strlen(fast_path) - 1] != "\")
{
  fast_path += "\";
}
fast_path += 'bin';

# The share name is the first character of the path followed by '$'.
share = fast_path[0] + '$';
if (!is_accessible_share(share:share))
{
  audit(AUDIT_SHARE_FAIL, share);
}

patch_missing = hotfix_is_vulnerable(path:fast_path, file:"Sccfa.dll", version:"8.3.7.171", bulletin:bulletin, kb:kb);

if (!patch_missing)
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # Record the missing bulletin in the KB, then report.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_note();
  hotfix_check_fversion_end();
  exit(0);
}
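NASL family Windows NASL id GROUPWISE_IA_803_HP1.NASL description The version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists when parsing requests to the web-based admin interface with a specially crafted Content-Length header. - Multiple vulnerabilities exist in the bundled Oracle last seen 2020-06-01 modified 2020-06-02 plugin id 62283 published 2012-09-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62283 title Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# Version check for Novell GroupWise Internet Agent (GWIA): reads the installed
# version and path from the KB and reports the host when the version is
# 8.x <= 8.0.2.16933 or 12.x < 12.0.1.13731.
#

include("compat.inc");

if (description)
{
  script_id(62283);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2012-0271",
    "CVE-2012-1766",
    "CVE-2012-1767",
    "CVE-2012-1768",
    "CVE-2012-1769",
    "CVE-2012-1770",
    "CVE-2012-1771",
    "CVE-2012-1772",
    "CVE-2012-1773",
    "CVE-2012-3106",
    "CVE-2012-3107",
    "CVE-2012-3108",
    "CVE-2012-3109",
    "CVE-2012-3110"
  );
  script_bugtraq_id(
    54497,
    54500,
    54504,
    54506,
    54511,
    54531,
    54536,
    54541,
    54543,
    54546,
    54548,
    54550,
    54554,
    55551
  );

  script_name(english:"Novell GroupWise Internet Agent 8.x <= 8.0.2 HP3 / 12.x < 12.0.1 Multiple Vulnerabilities");
  script_summary(english:"Checks GWIA version");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Novell GroupWise Internet Agent running on the remote host is 8.x less than or equal to 8.0.2 HP3, or 12.x earlier than 12.0.1. As such, it is potentially affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists when parsing requests to the web-based admin interface with a specially crafted Content-Length header. - Multiple vulnerabilities exist in the bundled Oracle 'Outside In' viewer technology. By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.");
  script_set_attribute(attribute:"see_also", value:"https://support.microfocus.com/kb/doc.php?id=7010769");
  script_set_attribute(attribute:"solution", value:"Update GWIA to version 8.0.3 Hot Patch 1, 12.0.1, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-497");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:novell:groupwise");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_enum_services.nasl", "groupwise_ia_detect.nasl");
  script_require_keys("SMB/GWIA/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");

version = get_kb_item_or_exit("SMB/GWIA/Version");
path = get_kb_item_or_exit("SMB/GWIA/Path");

# Unless we're paranoid, make sure the service is running.
if (report_paranoia < 2)
{
  status = get_kb_item_or_exit("SMB/svc/GWIA");
  if (status != SERVICE_ACTIVE)
    exit(0, "The GroupWise Internet Agent service is installed but not active.");
}

# fixed_version stays NULL unless the installed version falls in an affected
# range; it is what decides between reporting and the "not vulnerable" audit.
fixed_version = NULL;

if (version =~ '^8\\.' && ver_compare(ver:version, fix:'8.0.2.16933') <= 0)
  fixed_version = '8.0.3.23395';
else if (version =~ '^12\\.' && ver_compare(ver:version, fix:'12.0.1.13731') == -1)
  fixed_version = '12.0.1.13731';

# Check the version number.
# The condition must guard the block directly. A ';' after the condition turns
# it into an empty statement, so the block below runs for every installed and
# active GWIA, patched versions included, and the audit() call is never reached.
if (fixed_version)
{
  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version +
      '\n Fixed version : ' + fixed_version + '\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
  exit(0);
}

audit (AUDIT_INST_PATH_NOT_VULN, 'GroupWise Internet Agent', version, path);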
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS12-058.NASL description The version of Microsoft Exchange running on the remote host is using a vulnerable set of the Oracle Outside In libraries. These libraries are used by the WebReady Document Viewing feature to display certain kinds of attachments viewed via Outlook Web App (OWA). An attacker could exploit this by sending a malicious email attachment to a user who views it in OWA, resulting in arbitrary code execution as LocalService. last seen 2020-06-01 modified 2020-06-02 plugin id 61533 published 2012-08-15 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61533 title MS12-058: Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) code
#
# (C) Tenable Network Security, Inc.
#
# Local check for MS12-058: picks the KB and fixed file version for the
# installed Exchange version / service pack, then compares the version of
# transcodingservice.exe in the OWA DocumentViewing directory against it.
#

include("compat.inc");

if (description)
{
  script_id(61533);
  script_version("1.22");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-1766",
    "CVE-2012-1767",
    "CVE-2012-1768",
    "CVE-2012-1769",
    "CVE-2012-1770",
    "CVE-2012-1771",
    "CVE-2012-1772",
    "CVE-2012-1773",
    "CVE-2012-3106",
    "CVE-2012-3107",
    "CVE-2012-3108",
    "CVE-2012-3109",
    "CVE-2012-3110"
  );
  script_bugtraq_id(
    54497,
    54500,
    54504,
    54506,
    54511,
    54531,
    54536,
    54541,
    54543,
    54546,
    54548,
    54550,
    54554
  );
  script_xref(name:"CERT", value:"118913");
  script_xref(name:"MSFT", value:"MS12-058");
  script_xref(name:"Secunia", value:"49936");
  script_xref(name:"MSKB", value:"2706690");
  script_xref(name:"MSKB", value:"2734323");
  script_xref(name:"MSKB", value:"2743248");

  script_name(english:"MS12-058: Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)");
  script_summary(english:"Checks version of transcodingservice.exe");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote mail server has multiple code execution vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:"The version of Microsoft Exchange running on the remote host is using a vulnerable set of the Oracle Outside In libraries. These libraries are used by the WebReady Document Viewing feature to display certain kinds of attachments viewed via Outlook Web App (OWA). An attacker could exploit this by sending a malicious email attachment to a user who views it in OWA, resulting in arbitrary code execution as LocalService."
  );
  # http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=57&Itemid=57
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a339f216");
  # http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=58&Itemid=58
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?689a4e3d");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2012/2737111");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-058");
  script_set_attribute(
    attribute:"solution",
    value:"Microsoft has released a set of patches for Exchange 2007 and 2010."
  );

  # The base vector is attributed to CVE-2012-3110 (cvss_score_source) and is
  # local / availability-only, while the description speaks of code execution
  # as LocalService; results are raised as a security note below.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3110");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-497");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS12-058';
kbs = make_list('2706690', '2734323', '2743248');

# When the KB carries patch-management results, pass the bulletin and its KB
# list to hotfix_check_3rd_party() before the file-version check.
if (get_kb_item('Host/patch_management_checks'))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
}

get_kb_item_or_exit("SMB/Registry/Enumerated");

# Only KB version values 80 and 140 are checked; the audit messages further
# down label them Exchange 2007 and Exchange 2010 respectively.
version = get_kb_item_or_exit('SMB/Exchange/Version', exit_code:1);
if (version != 80 && version != 140)
{
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);
}

# Map (version, service pack) to the KB number, the fixed file version and the
# minimum file version handed to hotfix_is_vulnerable(). Any other service
# pack is audited out as not vulnerable.
sp = get_kb_item_or_exit('SMB/Exchange/SP', exit_code:1);
if (version == 80)
{
  if (sp != 3)
  {
    audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2007 SP' + sp);
  }
  else
  {
    kb = '2734323';
    ver = '8.3.279.4';
    min_ver = '8.0.0.0';
  }
}
else if (version == 140)
{
  if (sp == 2)
  {
    kb = '2706690';
    ver = '14.2.318.4';
    min_ver = '14.2.0.0';
  }
  else if (sp == 1)
  {
    kb = '2743248';
    ver = '14.1.421.2';
    min_ver = '14.1.0.0';
  }
  else
  {
    audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2010 SP' + sp);
  }
}

path = get_kb_item_or_exit('SMB/Exchange/Path', exit_code:1);
path += "\ClientAccess\Owa\Bin\DocumentViewing";

# The share name is the drive letter captured from the path followed by '$'.
match = eregmatch(string:path, pattern:'^([A-Za-z]):.+');
if (isnull(match))
{
  exit(1, "Error parsing path (" + path + ").");
}
share = match[1] + '$';
if (!is_accessible_share(share:share))
{
  audit(AUDIT_SHARE_FAIL, share);
}

patch_missing = hotfix_is_vulnerable(path:path, file:"transcodingservice.exe", version:ver, min_version:min_ver, bulletin:bulletin, kb:kb);

if (!patch_missing)
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
else
{
  # Record the missing bulletin in the KB, then report.
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_note();
  hotfix_check_fversion_end();
  exit(0);
}
NASL family Windows NASL id SYMANTEC_ENTERPRISE_VAULT_SYM12-015.NASL description The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside-In libraries that contains multiple vulnerabilities. A remote attacker could send an email with a malicious attachment to be downloaded and stored in a user last seen 2020-06-01 modified 2020-06-02 plugin id 62458 published 2012-10-09 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62458 title Symantec Enterprise Vault < 10.0.2 Multiple Vulnerabilities in Oracle Outside-In Libraries (SYM12-015) code
#
# (C) Tenable Network Security, Inc.
#
# Version check for Symantec Enterprise Vault: compares the version stored in
# the KB with 10.0.2.1112 and reports hosts that are below it.
#

include("compat.inc");

if (description)
{
  script_id(62458);
  script_version("1.15");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-1766",
    "CVE-2012-1767",
    "CVE-2012-1768",
    "CVE-2012-1769",
    "CVE-2012-1770",
    "CVE-2012-1771",
    "CVE-2012-1772",
    "CVE-2012-1773",
    "CVE-2012-3106",
    "CVE-2012-3107",
    "CVE-2012-3108",
    "CVE-2012-3109",
    "CVE-2012-3110"
  );
  script_bugtraq_id(
    54497,
    54500,
    54504,
    54506,
    54511,
    54531,
    54536,
    54541,
    54543,
    54546,
    54548,
    54550,
    54554
  );
  script_xref(name:"CERT", value:"118913");

  script_name(english:"Symantec Enterprise Vault < 10.0.2 Multiple Vulnerabilities in Oracle Outside-In Libraries (SYM12-015)");
  script_summary(english:"Checks version of EVConverterSandbox.exe");

  script_set_attribute(
    attribute:"synopsis",
    value:"An archiving application installed on the remote host has multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:"The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside-In libraries that contains multiple vulnerabilities. A remote attacker could send an email with a malicious attachment to be downloaded and stored in a user's mail box until processed for archiving thus potentially resulting in a denial of service in the application or allow arbitrary code execution."
  );
  # https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07dc310c");
  # https://support.symantec.com/en_US/article.SYMSA1259.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea261c73");
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Symantec Enterprise Vault version 10.0.2 or later."
  );

  # The base vector is attributed to CVE-2012-3110 (cvss_score_source) and is
  # local / availability-only, although the description also mentions
  # arbitrary code execution; results are raised with security_note() below.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3110");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-12-497");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:symantec:enterprise_vault");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("symantec_enterprise_vault_installed.nasl");
  script_require_keys("SMB/enterprise_vault/path", "SMB/enterprise_vault/ver");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

##
# Renders a dotted version as "<leading components> build <last component>".
#
# @anonparam version string whose final dot-separated field is the build number
# @return the display string; the script exits with code 1 when the argument
#         does not match the expected pattern
##
function pretty()
{
  local_var raw, parts;

  raw = _FCT_ANON_ARGS[0];
  parts = eregmatch(string:raw, pattern:"^([0-9.]+)\.([0-9]+)$");
  if (isnull(parts))
  {
    exit(1, "Error parsing version ('" + raw + "').");
  }

  return parts[1] + " build " + parts[2];
}

path = get_kb_item_or_exit("SMB/enterprise_vault/path");
ver = get_kb_item_or_exit("SMB/enterprise_vault/ver");
pretty_ver = pretty(ver);

fix = "10.0.2.1112";

if (!(ver_compare(ver:ver, fix:fix, strict:FALSE) < 0))
{
  audit(AUDIT_INST_PATH_NOT_VULN, "Symantec Enterprise Vault", pretty_ver, path);
}
else
{
  port = get_kb_item("SMB/transport");

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + pretty_ver +
      '\n Fixed version : ' + pretty(fix) + '\n';
    security_note(port:port, extra:report);
  }
  else
  {
    security_note(port);
  }

  exit(0);
}
NASL family Windows NASL id SMB_KB2737111.NASL description This plugin originally checked for the workaround described in Microsoft Security Advisory 2737111, and has been deprecated due to the publication of MS12-067. Microsoft has released a patch that makes the workaround unnecessary. To check for the patch, use Nessus plugin ID xxxxx. last seen 2017-10-29 modified 2014-06-09 plugin id 60155 published 2012-07-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=60155 title Microsoft Security Advisory 2737111: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (deprecated) code
#%NASL_MIN_LEVEL 999999
#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2012/10/09. Deprecated by smb_nt_ms12-067.nasl.
#
# Deprecated workaround check for Microsoft Security Advisory 2737111.
# The script exits with a deprecation message right after the registration
# block, so the workaround check that follows that exit() never runs and is
# kept for reference only.
#
# NOTE(review): the NASL_MIN_LEVEL directive above presumably also keeps the
# plugin from being loaded at all - confirm against the engine documentation.

include("compat.inc");

if (description)
{
  script_id(60155);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/27 18:38:15");

  script_cve_id(
    "CVE-2012-1766",
    "CVE-2012-1767",
    "CVE-2012-1768",
    "CVE-2012-1769",
    "CVE-2012-1770",
    "CVE-2012-1771",
    "CVE-2012-1772",
    "CVE-2012-1773",
    "CVE-2012-3106",
    "CVE-2012-3107",
    "CVE-2012-3108",
    "CVE-2012-3109",
    "CVE-2012-3110"
  );
  script_bugtraq_id(
    54497,
    54500,
    54504,
    54506,
    54511,
    54531,
    54536,
    54541,
    54543,
    54546,
    54548,
    54550,
    54554
  );
  script_xref(name:"CERT", value:"118913");
  script_xref(name:"Secunia", value:"49936");

  script_name(english:"Microsoft Security Advisory 2737111: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (deprecated)");
  script_summary(english:"Checks if workarounds are being used");

  script_set_attribute(
    attribute:"synopsis",
    value:"This plugin has been deprecated."
  );
  # NOTE(review): "xxxxx" in the description below is an unfilled placeholder.
  # The deprecation message passed to exit() further down names
  # smb_nt_ms12-067.nasl (plugin ID 62462) as the replacement.
  script_set_attribute(
    attribute:"description",
    value:
"This plugin originally checked for the workaround described in Microsoft Security Advisory 2737111, and has been deprecated due to the publication of MS12-067. Microsoft has released a patch that makes the workaround unnecessary. To check for the patch, use Nessus plugin ID xxxxx."
  );
  script_set_attribute(attribute:"solution",value:"n/a");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/30");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("fast_search_server_installed.nasl");
  script_require_keys("SMB/fast_search_server/path", "SMB/fast_search_server/prodtype");
  script_require_ports(139, 445);

  exit(0);
}

# Deprecation exit: nothing after this statement is executed.
exit(0, "This plugin has been deprecated. Use smb_nt_ms12-067.nasl (plugin ID 62462) instead.");

include("smb_func.inc");
include("smb_hotfixes.inc");
include("audit.inc");

# SMB credentials, assigned at script level and read inside _is_fast_vulnerable().
global_var login, pass, domain;

##
# checks whether or not the given configuration file is using the
# workaround described by kb2737111
#
# Any failure along the way (share cannot be connected, file cannot be opened,
# short read) also returns NULL, so the caller cannot tell "workaround in
# place" apart from "file could not be read".
#
# @anonparam path path of the XML configuration file to check
# @return the line of the config file that indicates the workaround isn't being used,
#         NULL otherwise
##
function _is_fast_vulnerable()
{
  local_var path, vuln_line, rc, fh, len, data, match, share, dir, parts, xml, line;

  path = _FCT_ANON_ARGS[0];
  vuln_line = NULL;

  # Split "X:\rest\of\path" at the colon: the part before it plus '$' is the
  # share name, the part after it is the file path within that share.
  parts = split(path, sep:':', keep:FALSE);
  share = parts[0] + '$';
  xml = parts[1];

  rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
  if (rc != 1)
  {
    NetUseDel(close:FALSE);
    return NULL;
  }

  fh = CreateFile(
    file:xml,
    desired_access:GENERIC_READ,
    file_attributes:FILE_ATTRIBUTE_NORMAL,
    share_mode:FILE_SHARE_READ,
    create_disposition:OPEN_EXISTING
  );

  if (fh)
  {
    # This file was a little over 2k. the 4k cap is a sanity check and should be more than enough
    # Only the first 4096 bytes are read, so a matching line beyond that
    # offset in a larger file would not be seen.
    len = GetFileSize(handle:fh);
    if (len > 4096) len = 4096;
    data = ReadFile(handle:fh, length:len, offset:0);

    # The content is scanned only when the full requested length came back.
    if (strlen(data) == len)
    {
      foreach line (split(data, sep:'\n', keep:FALSE))
      {
        # NOTE(review): match is indexed without a NULL check; lines that do
        # not contain the attribute presumably just fail the comparison - confirm.
        match = eregmatch(string:line, pattern:'name="SearchExportConverter" active="([^"]+)"');
        # vuln_line is overwritten on every hit, so the last matching line wins.
        if (match[1] == 'yes') vuln_line = line;
      }
    }

    CloseFile(handle:fh);
  }

  NetUseDel(close:FALSE);

  return vuln_line;
}

# Only the "forSharePoint" product type is in scope; otherwise fast_path is
# never assigned and the audit below reports "not installed".
if (get_kb_item('SMB/fast_search_server/prodtype') == 'forSharePoint')
  fast_path = get_kb_item('SMB/fast_search_server/path');
if (isnull(fast_path))
  audit(AUDIT_NOT_INST, 'FAST Search Server for SharePoint');

name = kb_smb_name();
port = kb_smb_transport();
if (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();

soc = open_sock_tcp(port);
if (!soc) audit(AUDIT_SOCK_FAIL, port);

session_init(socket:soc, hostname:name);

report = NULL;

if (fast_path)
{
  xml_path = fast_path + "\etc\config_data\DocumentProcessor\optionalprocessing.xml";

  # Assignment inside the condition is intentional: a non-NULL line means the
  # workaround is not in place.
  if (line = _is_fast_vulnerable(xml_path))
  {
    report +=
      '\nThe workaround for FAST Search Server 2010 for SharePoint is not being' +
      '\nused. Nessus determined this by reading the following file : ' +
      '\n\n' + xml_path +
      '\n\nwhich contains the following line :' +
      '\n\n' + line;
  }
}

NetUseDel();

# An empty report is audited as "not affected"; this includes the cases where
# _is_fast_vulnerable() returned NULL because the file could not be read.
if (isnull(report))
  audit(AUDIT_HOST_NOT, 'affected');

if (report_verbosity > 0)
{
  report += '\n';
  security_hole(port:port, extra:report);
}
else security_hole(port);
Oval
accepted | 2012-11-05T04:00:15.227-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. |
family | windows |
id | oval:org.mitre.oval:def:15724 |
status | accepted |
submitted | 2012-08-20T10:24:13 |
title | Oracle Outside In contains multiple exploitable vulnerabilities - I |
version | 8 |
References
- http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx
- http://technet.microsoft.com/security/advisory/2737111
- http://www.kb.cert.org/vuls/id/118913
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.securityfocus.com/bid/54531
- http://www.securitytracker.com/id?1027264
- http://www-01.ibm.com/support/docview.wss?uid=swg21660640
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76999
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15724