Vulnerabilities > CVE-2013-3128 - Unspecified vulnerability in Microsoft products

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

critical

nessus

NVD

Published: 2013-10-09

Updated: 2020-12-08

Summary

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 7 - Microsoft Windows 8 - Microsoft Windows RT - Microsoft Windows Server 2003 - Microsoft Windows Server 2008 - Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 - Microsoft Windows Vista - Microsoft Windows XP -	18
Application	Microsoft Microsoft .Net Framework 3.0 Microsoft .Net Framework 3.5 Microsoft .Net Framework 3.5.1 Microsoft .Net Framework 4.0 Microsoft .Net Framework 4.5	5

Msbulletin

bulletin_id	MS13-081
bulletin_url
date	2013-10-08T00:00:00
impact	Remote Code Execution
knowledgebase_id	2870008
knowledgebase_url
severity	Critical
title	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

bulletin_id	MS13-082
bulletin_url
date	2013-10-08T00:00:00
impact	Remote Code Execution
knowledgebase_id	2878890
knowledgebase_url
severity	Critical
title	Vulnerabilities in .NET Framework Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS13-081.NASL
description	The remote Windows host has the following vulnerabilities : - Multiple remote code execution vulnerabilities exist in the way the Windows kernel-mode driver parses OpenType and TrueType fonts. (CVE-2013-3128, CVE-2013-3894) - Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode drivers. (CVE-2013-3879, CVE-2013-3880, CVE-2013-3880, CVE-2013-3888) - A privilege escalation vulnerability exists in the Windows USB drivers. (CVE-2013-3200) An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges. Note that the update was re-offered for Windows 7 and 2008 R2 as of January 14, 2014.
last seen	2020-06-01
modified	2020-06-02
plugin id	70333
published	2013-10-09
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/70333
title	MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70333); script_version("1.23"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id( "CVE-2013-3128", "CVE-2013-3200", "CVE-2013-3879", "CVE-2013-3880", "CVE-2013-3881", "CVE-2013-3888", "CVE-2013-3894" ); script_bugtraq_id( 62819, 62821, 62823, 62828, 62830, 62831, 62833 ); script_xref(name:"MSFT", value:"MS13-081"); script_xref(name:"MSKB", value:"2847311"); script_xref(name:"MSKB", value:"2847311"); script_xref(name:"MSKB", value:"2862330"); script_xref(name:"MSKB", value:"2862335"); script_xref(name:"MSKB", value:"2863725"); script_xref(name:"MSKB", value:"2864202"); script_xref(name:"MSKB", value:"2868038"); script_xref(name:"MSKB", value:"2876284"); script_xref(name:"MSKB", value:"2883150"); script_xref(name:"MSKB", value:"2884256"); script_name(english:"MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)"); script_summary(english:"Checks file version of the affected files."); script_set_attribute( attribute:"synopsis", value: "The Windows kernel drivers on the remote host are affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The remote Windows host has the following vulnerabilities : - Multiple remote code execution vulnerabilities exist in the way the Windows kernel-mode driver parses OpenType and TrueType fonts. (CVE-2013-3128, CVE-2013-3894) - Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode drivers. (CVE-2013-3879, CVE-2013-3880, CVE-2013-3880, CVE-2013-3888) - A privilege escalation vulnerability exists in the Windows USB drivers. (CVE-2013-3200) An attacker who successfully exploited these vulnerabilities could read arbitrary amounts of kernel memory or gain elevated privileges. Note that the update was re-offered for Windows 7 and 2008 R2 as of January 14, 2014."); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-235/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-237/"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-081"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 8, Windows RT, and 2012." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Windows TrackPopupMenuEx Win32k NULL Page'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS13-081'; kbs = make_list('2847311', '2855844', '2862330', '2862335', '2863725', '2864202', '2868038', '2876284', '2883150', '2884256'); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1); if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); # Check if this is a virtual host registry_init(); hcf_init = TRUE; hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); biosproductname = get_registry_value(handle:hklm, item:"HARDWARE\Description\System\BIOS\SystemProductName"); if (biosproductname) biosproductname = tolower(biosproductname); RegCloseKey(handle:hklm); close_registry(close:FALSE); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); vuln = 0; ########## KB2847311 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Atmfd.dll", version:"5.1.2.237", dir:"\system32", bulletin:bulletin, kb:'2847311') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Atmfd.dll", version:"5.1.2.238", dir:"\system32", bulletin:bulletin, kb:'2847311') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Atmfd.dll", version:"5.1.2.236", dir:"\system32", bulletin:bulletin, kb:'2847311') \|\| # Windows 2003 / XP x64 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Atmfd.dll", version:"5.2.2.236", dir:"\system32", bulletin:bulletin, kb:'2847311') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Atmfd.dll", version:"5.1.2.236", dir:"\system32", bulletin:bulletin, kb:'2847311') ) vuln++; ########## KB2855844 ########### # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008, # # Windows Server 2008 R2 # ################################ if ( # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Fntcache.dll", version:"6.1.7601.22434", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:'2855844') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Fntcache.dll", version:"6.1.7601.18245", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:'2855844') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Fntcache.dll", version:"7.0.6002.23200", min_version:"7.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:'2855844') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Fntcache.dll", version:"7.0.6002.18923", min_version:"7.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:'2855844') ) vuln++; ########## KB2862330 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ # Don't check for KB2862330 if the host is a virtual host if (biosproductname && ('vmware' >!< biosproductname && 'virtual box' >!< biosproductname && 'vbox' >!< biosproductname && 'virtual machine' >!< biosproductname && 'seabios' >< biosproductname)) { if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbport.sys", version:"6.2.9200.20761", min_version:"6.2.9200.20000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbport.sys", version:"6.2.9200.16654", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbport.sys", version:"6.1.7601.22526", min_version:"6.1.7601.22000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbport.sys", version:"6.1.7601.18328", min_version:"6.1.7600.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbport.sys", version:"6.0.6002.23147", min_version:"6.0.6002.23000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbport.sys", version:"6.0.6002.18875", min_version:"6.0.6002.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| # Windows 2003 / XP x64 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Usbport.sys", version:"5.2.3790.5203", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Usbport.sys", version:"5.1.2600.6437", dir:"\system32\drivers", bulletin:bulletin, kb:'2862330') ) vuln++; } ########## KB2862335 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbscan.sys", version:"6.2.9200.20763", min_version:"6.2.9200.20000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbscan.sys", version:"6.2.9200.16656", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbscan.sys", version:"6.1.7601.22374", min_version:"6.1.7601.22000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbscan.sys", version:"6.1.7601.18199", min_version:"6.1.7600.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbscan.sys", version:"6.0.6002.23150", min_version:"6.0.6002.23000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbscan.sys", version:"6.0.6002.18878", min_version:"6.0.6002.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| # Windows 2003 / XP x64 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Usbscan.sys", version:"5.2.3790.5189", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Usbscan.sys", version:"5.1.2600.6418", dir:"\system32\drivers", bulletin:bulletin, kb:'2862335') ) vuln++; ########## KB2863725 ########### # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbhub3.sys", version:"6.2.9200.20763", min_version:"6.2.9200.20000", dir:"\system32\drivers", bulletin:bulletin, kb:'2863725') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbhub3.sys", version:"6.2.9200.16654", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2863725') ) vuln++; ########## KB2864202 ########### # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Wdfres.dll", version:"6.2.9200.16384", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:'2864202') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Wdfres.dll", version:"6.2.9200.16384", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:'2864202') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wdfres.dll", version:"6.2.9200.16384", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:'2864202') ) vuln++; ########## KB2868038 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbcir.sys", version:"6.2.9200.20772", min_version:"6.2.9200.20000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, arch:"x86", file:"Usbcir.sys", version:"6.2.9200.16659", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, arch:"x64", file:"Usbcir.sys", version:"6.2.9200.16658", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbcir.sys", version:"6.1.7601.22382", min_version:"6.1.7601.22000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbcir.sys", version:"6.1.7601.18208", min_version:"6.1.7600.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbcir.sys", version:"6.0.6002.23160", min_version:"6.0.6002.23000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbcir.sys", version:"6.0.6002.18887", min_version:"6.0.6002.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| # Windows 2003 / XP x64 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Usbaudio.sys", version:"5.2.3790.5198", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Usbaudio.sys", version:"5.1.2600.6425", dir:"\system32\drivers", bulletin:bulletin, kb:'2868038') ) vuln++; ########## KB2876284 ########### # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # ################################ if ( # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Dxgkrnl.sys", version:"6.1.7601.22410", min_version:"6.1.7601.21000", dir:"\system32\drivers", bulletin:bulletin, kb:'2876284') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Dxgkrnl.sys", version:"6.1.7601.18228", min_version:"6.1.7600.17000", dir:"\system32\drivers", bulletin:bulletin, kb:'2876284') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Dxgkrnl.sys", version:"6.0.6002.23181", min_version:"6.0.6002.22000", dir:"\system32\drivers", bulletin:bulletin, kb:'2876284') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Dxgkrnl.sys", version:"7.0.6002.18908", min_version:"6.0.6002.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2876284') ) vuln++; ########## KB2883150 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Win32k.sys", version:"6.2.9200.20807", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, file:"Win32k.sys", version:"6.2.9200.16699", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.22435", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Win32k.sys", version:"6.1.7601.18246", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.23204", min_version:"6.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Win32k.sys", version:"6.0.6002.18927", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| # Windows 2003 / XP x64 hotfix_is_vulnerable(os:"5.2", sp:2, file:"Win32k.sys", version:"5.2.3790.5216", dir:"\system32", bulletin:bulletin, kb:'2883150') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Win32k.sys", version:"5.1.2600.6442", dir:"\system32", bulletin:bulletin, kb:'2883150') ) vuln++; ########## KB2884256 ########### # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7 SP1, # # Windows Server 2008 R2 # # Windows Server 8 # # Windows Server 2012 # ################################ if ( # Windows 8 / Windows Server 2012 hotfix_is_vulnerable(os:"6.2", sp:0, file:"Usbser.sys", version:"6.2.9200.20810", min_version:"6.2.9200.20000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, arch:"x64", file:"Usbser.sys", version:"6.2.9200.16702", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| hotfix_is_vulnerable(os:"6.2", sp:0, arch:"x86", file:"Usbser.sys", version:"6.2.9200.16697", min_version:"6.2.9200.16000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| # Windows 7 and Windows Server 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbser.sys", version:"6.1.7601.22436", min_version:"6.1.7601.22000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Usbser.sys", version:"6.1.7601.18247", min_version:"6.1.7600.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| # Vista / Windows 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbser.sys", version:"6.0.6002.23204", min_version:"6.0.6002.23000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Usbser.sys", version:"6.0.6002.18927", min_version:"6.0.6002.18000", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| # Windows 2003 / XP hotfix_is_vulnerable(os:"5.2", sp:2, file:"Usbser.sys", version:"5.2.3790.5216", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') \|\| # Windows XP x86 hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Usbser.sys", version:"5.1.2600.6442", dir:"\system32\drivers", bulletin:bulletin, kb:'2884256') ) vuln++; if (vuln > 0) { set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS13-082.NASL
description	The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities : - A vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF) that could lead to remote code execution. An attacker could leverage this issue by enticing a user to visit a web page containing a specially crafted OTF font file. (CVE-2013-3128) - The .NET Framework is affected by a denial of service vulnerability when parsing a specially crafted document type definition (DTD) for XML data. (CVE-2013-3860) - The .NET Framework is affected by a denial of service vulnerability when parsing specially crafted JavaScript Object Notation (JSON) data. (CVE-2013-3861)
last seen	2020-05-16
modified	2013-10-09
plugin id	70334
published	2013-10-09
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/70334
title	MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70334); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15"); script_cve_id("CVE-2013-3128", "CVE-2013-3860", "CVE-2013-3861"); script_bugtraq_id(62807, 62819, 62820); script_xref(name:"MSFT", value:"MS13-082"); script_xref(name:"MSKB", value:"2864058"); script_xref(name:"MSKB", value:"2877175"); script_xref(name:"MSKB", value:"2861702"); script_xref(name:"MSKB", value:"2861208"); script_xref(name:"MSKB", value:"2861193"); script_xref(name:"MSKB", value:"2858302"); script_xref(name:"MSKB", value:"2861188"); script_xref(name:"MSKB", value:"2861698"); script_xref(name:"MSKB", value:"2863240"); script_xref(name:"MSKB", value:"2861191"); script_xref(name:"MSKB", value:"2861697"); script_xref(name:"MSKB", value:"2863243"); script_xref(name:"MSKB", value:"2861704"); script_xref(name:"MSKB", value:"2861194"); script_xref(name:"MSKB", value:"2876919"); script_xref(name:"MSKB", value:"2861190"); script_xref(name:"MSKB", value:"2861189"); script_xref(name:"MSKB", value:"2863253"); script_xref(name:"MSKB", value:"2863239"); script_xref(name:"IAVA", value:"2013-A-0187-S"); script_name(english:"MS13-082: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)"); script_summary(english:"Checks version of .NET .dll files"); script_set_attribute( attribute:"synopsis", value: "The .NET Framework install on the remote Windows host could allow arbitrary code execution." ); script_set_attribute( attribute:"description", value: "The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities : - A vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF) that could lead to remote code execution. An attacker could leverage this issue by enticing a user to visit a web page containing a specially crafted OTF font file. (CVE-2013-3128) - The .NET Framework is affected by a denial of service vulnerability when parsing a specially crafted document type definition (DTD) for XML data. (CVE-2013-3860) - The .NET Framework is affected by a denial of service vulnerability when parsing specially crafted JavaScript Object Notation (JSON) data. (CVE-2013-3861)" ); # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-082 script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?110ff0dd"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.0, and 4.5." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); include("smb_reg_query.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS13-082'; kbs = make_list( "2877175", # .NET 4.5.1 Vista, 2008 SP2 "2861702", # .NET 4.5 Windows 8, Server 2012 "2861208", # .NET 4.5 Vista SP2, Server 2008 SP2, 7, 2008 R2 "2861193", # .NET 4.5 Vista SP2, Server 2008 SP2 "2858302", # .NET 4 XP SP3, Server 2003 SP2, Vista SP2, 2008 SP2, 7, 2008 R2 "2861188", # .NET 4 XP SP3, Server 2003 SP2, Vista SP2, 2008 SP2 "2861698", # .NET 3.5.1 Windows 7 SP1, Server 2008 R2 SP1 "2863240", # .NET 3.5.1 Windows 7 SP1, Server 2008 R2 SP1 "2861191", # .NET 3.5.1 Windows 7 SP1, Server 2008 R2 SP1 "2861697", # .NET 3.5 SP1 XP SP3, Server 2003 SP2, Vista SP2, 2008 SP2 "2863243", # .NET 3.5 Windows 8, Server 2012 "2861704", # .NET 3.5 Windows 8, Server 2012 "2861194", # .NET 3.5 Windows 8, Server 2012 "2876919", # .NET 3.5 Windows 8.1, Server 2012 R2 "2861190", # .NET 3.0 Vista SP2, Server 2008 SP2 "2861189", # .NET 3.0 XP SP3, Server 2003 SP2 "2863253", # .NET 2.0 Vista SP2, Server 2008 SP2 "2863239" # .NET 2.0 XP SP3, Server 2003 SP2 ); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); win_ver = get_kb_item_or_exit('SMB/WindowsVersion'); if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); # The .NET Framework is not applicable on Server Core installations of Windows # Server 2008 for 32-bit systems Service Pack 2 and Windows Server 2008 for # x64-based systems Service Pack 2. if (win_ver == '6.0' && hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); # RT 8.1 is not affected productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1); if (win_ver == '6.3' && "Windows Embedded" >< productname) exit(0, "The host is running "+productname+" and is, therefore, not affected."); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); registry_init(); hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE); assembly_dir_30 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.0\All Assemblies In"); assembly_dir_35 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.5\All Assemblies In"); RegCloseKey(handle:hklm); close_registry(); vuln = 0; ########## KB2877175 ############ # .NET Framework 4.5.1 Preview # # Windows Vista SP2, # # Server 2008 SP2, # ################################# missing = 0; # Windows Vista SP2 / Server 2008 SP2 missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"wpftxt_v0400.dll", version: "4.0.30319.18222", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"wpftxt_v0400.dll", version: "4.0.30319.19221", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2877175"); vuln += missing; ########## KB2861702 ########### # .NET Framework 4.5 # # Windows 8 # # Server 2012 # ################################ missing = 0; missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.web.dll", version : "4.0.30319.18056", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.web.dll", version : "4.0.30319.19109", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861702"); vuln += missing; ########## KB2861208 ########### # .NET Framework 4.5 # # Windows Vista SP2, # # Server 2008 SP2, # # Windows 7 SP1, # # Windows 2008 R2 SP1 # ################################ missing = 0; # Windows Vista SP2 / Server 2008 SP2 missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.dll", version: "4.0.30319.18055", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.dll", version: "4.0.30319.19108", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319"); # Windows 7 SP1 / 2008 R2 SP1 missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Web.dll", version: "4.0.30319.18055", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Web.dll", version: "4.0.30319.19108", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861208"); vuln += missing; ########## KB2861193 ########### # .NET Framework 4.5 # # Windows Vista SP2, # # Server 2008 SP2, # ################################ missing = 0; missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wpftxt_v0400.dll", version: "4.0.30319.18059", min_version:"4.0.30319.17900", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"Wpftxt_v0400.dll", version: "4.0.30319.19114", min_version:"4.0.30319.19000", dir:"\Microsoft.NET\Framework\v4.0.30319"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861193"); vuln += missing; ########## KB2858302 ########### # .NET Framework 4.0 # # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 7, # # Windows Server 2008 SP2, # # Windows Server 2008 R2 # ################################ missing = 0; # Windows XP SP3 missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Web.dll", version:"4.0.30319.1016", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Web.dll", version:"4.0.30319.2026", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319"); # Windows XP SP2 x64 / Server 2003 SP2 missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Web.dll", version:"4.0.30319.1016", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Web.dll", version:"4.0.30319.2026", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319"); # Windows Vista SP2 / Server 2008 SP2 missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.dll", version:"4.0.30319.1016", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.dll", version:"4.0.30319.2026", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319"); # Windows 7 / 2008 R2 missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Web.dll", version:"4.0.30319.1016", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319"); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"System.Web.dll", version:"4.0.30319.2026", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2858302"); vuln += missing; ########## KB2861188 ########### # .NET Framework 4.0 # # Windows XP SP3, # # Windows XP SP2 x64, # # Windows 2003 SP2, # # Windows Vista SP2, # # Windows 2008 SP2 # ################################ missing = 0; # Windows XP SP3 missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"PresentationCore.dll", version:"4.0.30319.1014", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"PresentationCore.dll", version:"4.0.30319.2021", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); # Windows XP SP2 x64 / Server 2003 SP2 missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"PresentationCore.dll", version:"4.0.30319.1014", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"PresentationCore.dll", version:"4.0.30319.2021", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); # Windows Vista SP2 / Server 2008 SP2 missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"PresentationCore.dll", version:"4.0.30319.1014", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"PresentationCore.dll", version:"4.0.30319.2021", min_version:"4.0.30319.2000", dir:"\Microsoft.NET\Framework\v4.0.30319\WPF"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861188"); vuln += missing; ######### KB2861698 ########### # .NET Framework 3.5.1 # # Windows 7 SP1, # # Server 2008 R2 SP1 # ############################### if (!isnull(assembly_dir_35)) { missing = 0; missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.web.extensions.dll", version:"3.5.30729.5458", min_version:"3.5.30729.4000", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.web.extensions.dll", version:"3.5.30729.7057", min_version:"3.5.30729.5600", path:assembly_dir_35); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861698"); vuln += missing; } ########## KB2863240 ########### # .NET Framework 3.5.1 # # Windows 7 SP1 # # Server 2008 R2 SP1 # ################################ missing = 0; missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.security.dll", version: "2.0.50727.5475", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727"); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.security.dll", version: "2.0.50727.7032", min_version:"2.0.50727.5600", dir:"\Microsoft.NET\Framework\v2.0.50727"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2863240"); vuln += missing; ######### KB2861191 ########### # .NET Framework 3.5.1 # # Windows 7 SP1, # # Server 2008 R2 SP1 # ############################### if (!isnull(assembly_dir_30)) { # .NET Framework 3.5.1 on Windows 7 SP1 / Server 2008 R2 SP1 missing = 0; missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"presentationcffrasterizernative_v0300.dll", version:"3.0.6920.5459", min_version:"3.0.6920.5000", path:assembly_dir_30); missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"presentationcffrasterizernative_v0300.dll", version:"3.0.6920.7062", min_version:"3.0.6920.5700", path:assembly_dir_30); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861191"); vuln += missing; } ######### KB2861697 ########### # .NET Framework 3.5 SP1 # # Windows XP SP3, # # Server 2003 SP2 # # Vista SP2 # # Server 2008 SP2 # ############################### if (!isnull(assembly_dir_35)) { missing = 0; missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Web.Extensions.dll", version:"3.5.30729.4056", min_version:"3.5.30729.1", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Web.Extensions.dll", version:"3.5.30729.7056", min_version:"3.5.30729.5400", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Web.Extensions.dll", version:"3.5.30729.4056", min_version:"3.5.30729.1", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Web.Extensions.dll", version:"3.5.30729.7056", min_version:"3.5.30729.5400", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.Extensions.dll", version:"3.5.30729.4056", min_version:"3.5.30729.1", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"System.Web.Extensions.dll", version:"3.5.30729.7056", min_version:"3.5.30729.5400", path:assembly_dir_35); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861697"); vuln += missing; } ########## KB2863243 ########### # .NET Framework 3.5 # # Windows 8, # # Server 2012 # ################################ missing = 0; missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.security.dll", version : "2.0.50727.6410", min_version:"2.0.50727.6000", dir:"\Microsoft.NET\Framework\v2.0.50727"); missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.security.dll", version : "2.0.50727.7032", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2863243"); vuln += missing; ########## KB2861704 ########### # .NET Framework 3.5 # # Windows 8, # # Server 2012 # ################################ if (!isnull(assembly_dir_35)) { missing = 0; missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.web.extensions.dll", version: "3.5.30729.6407", min_version:"3.5.30729.6000", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.web.extensions.dll", version: "3.5.30729.7057", min_version:"3.5.30729.7000", path:assembly_dir_35); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861704"); vuln += missing; } ########## KB2861194 ########### # .NET Framework 3.5 # # Windows 8, # # Server 2012 # ################################ if (!isnull(assembly_dir_35)) { missing = 0; missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"presentationcffrasterizernative_v0300.dll", version: "3.0.6920.6409", min_version:"3.0.6920.6000", path:assembly_dir_35); missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"presentationcffrasterizernative_v0300.dll", version: "3.0.6920.7062", min_version:"3.0.6920.7000", path:assembly_dir_35); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861194"); vuln += missing; } ########## KB2876919 ########### # .NET Framework 3.5 # # Windows 8.1, # # Server 2012 R2 # ################################ if (!isnull(assembly_dir_35)) { missing = 0; missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"presentationcffrasterizernative_v0300.dll", version: "3.0.6920.7821", min_version:"3.0.6920.7000", path:assembly_dir_35); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2876919"); vuln += missing; } ######### KB2861190 ########### # .NET Framework 3.0 SP2 # # Windows Vista SP2, # # Server 2008 SP2 # ############################### if (!isnull(assembly_dir_30)) { missing = 0; missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"presentationcffrasterizernative_v0300.dll", version:"3.0.6920.4218", min_version:"3.0.6920.0", path:assembly_dir_30); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"presentationcffrasterizernative_v0300.dll", version:"3.0.6920.7062", min_version:"3.0.6920.5700", path:assembly_dir_30); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861190"); vuln += missing; } ######### KB2861189 ########### # .NET Framework 3.0 SP2 # # Windows XP SP 3, # # Server 2003 SP2 # ############################### if (!isnull(assembly_dir_30)) { missing = 0; # XP SP3 missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"PresentationCFFRasterizerNative_v0300.dll", version:"3.0.6920.4058", min_version:"3.0.6920.0", path:assembly_dir_30); missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"PresentationCFFRasterizerNative_v0300.dll", version:"3.0.6920.7061", min_version:"3.0.6920.5700", path:assembly_dir_30); # XP x64 / Server 2003 SP2 missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"PresentationCFFRasterizerNative_v0300.dll", version:"3.0.6920.4058", min_version:"3.0.6920.0", path:assembly_dir_30); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"PresentationCFFRasterizerNative_v0300.dll", version:"3.0.6920.7061", min_version:"3.0.6920.5700", path:assembly_dir_30); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2861189"); vuln += missing; } ########## KB2863253 ########### # .NET Framework 2.0 SP2 # # Windows Vista SP2, # # Server 2008 SP2 # ################################ missing = 0; missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.security.dll", version:"2.0.50727.4245", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727"); missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.security.dll", version:"2.0.50727.7032", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2863253"); vuln += missing; ########## KB2863239 ########### # .NET Framework 2.0 SP2 # # Windows XP SP3, # # Windows 2003 SP2 # ################################ missing = 0; # Windows XP SP3 missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"2.0.50727.3652", min_version:"2.0.50727.3000", dir:"\Microsoft.NET\Framework\v2.0.50727"); missing += hotfix_is_vulnerable(os:"5.1", sp:3, file:"System.Security.dll", version:"2.0.50727.7032", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727"); # Server 2003 SP2 missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"2.0.50727.3652", min_version:"2.0.50727.3000", dir:"\Microsoft.NET\Framework\v2.0.50727"); missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"System.Security.dll", version:"2.0.50727.7032", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727"); if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2863239"); vuln += missing; # Reporting if (vuln > 0) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2014-08-18T04:02:03.737-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Sharath S
organization SecPod Technologies
name Maria Kedovskaya
organization ALTX-SOFT
name Bhavya K
organization SecPod Technologies
name Bhavya K
organization SecPod Technologies
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft .NET Framework 3.0 SP2 is installed
oval oval:org.mitre.oval:def:15312
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft .NET Framework 3.5 SP1 is installed
oval oval:org.mitre.oval:def:12542
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft .NET Framework 4.0 is installed
oval oval:org.mitre.oval:def:6749
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Server 2003 (ia64) Gold is installed
oval oval:org.mitre.oval:def:396
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft .NET Framework 4.5 is installed
oval oval:org.mitre.oval:def:15925
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft .NET Framework 3.5 SP1 is installed
oval oval:org.mitre.oval:def:12542
comment Microsoft Windows 8 (x86) is installed
oval oval:org.mitre.oval:def:14914
comment Microsoft Windows 8 (x64) is installed
oval oval:org.mitre.oval:def:15571
comment Microsoft Windows Server 2012 (64-bit) is installed
oval oval:org.mitre.oval:def:15585
comment Microsoft Windows XP (32-bit) is installed
oval oval:org.mitre.oval:def:1353
comment Microsoft Windows XP x64 is installed
oval oval:org.mitre.oval:def:15247
comment Microsoft Windows Server 2003 (ia64) Gold is installed
oval oval:org.mitre.oval:def:396
comment Microsoft Windows Server 2003 (32-bit) is installed
oval oval:org.mitre.oval:def:1870
comment Microsoft Windows Server 2003 (x64) is installed
oval oval:org.mitre.oval:def:730
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista x64 Edition is installed
oval oval:org.mitre.oval:def:2041
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows Server 2008 (ia-64) is installed
oval oval:org.mitre.oval:def:5667
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows 8 (x86) is installed
oval oval:org.mitre.oval:def:14914
comment Microsoft Windows 8 (x64) is installed
oval oval:org.mitre.oval:def:15571
comment Microsoft Windows Server 2012 (64-bit) is installed
oval oval:org.mitre.oval:def:15585

description

family

windows

oval:org.mitre.oval:def:18847

status

accepted

submitted

2013-10-15T15:40:52

title

OpenType Font Parsing Vulnerability (CVE-2013-3128) - MS13-081, MS13-082

version

Summary

Vulnerable Configurations

Msbulletin

Nessus

Oval

References