Vulnerabilities > CVE-2018-8653 - Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
microsoft
CWE-787
nessus

Summary

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483229.NASL
    descriptionThe remote Windows host is missing security update 4483229. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119769
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119769
    titleKB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119769);
      script_version("1.8");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483229");
      script_xref(name:"MSFT", value:"MS18-4483229");
    
      script_name(english:"KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483229.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa53d350");
      script_set_attribute(attribute:"solution", value:
      "Apply Cumulative Update KB4483229.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483229');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"14393",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483229])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483228.NASL
    descriptionThe remote Windows host is missing security update 4483228. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119768
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119768
    titleKB4483228: Windows 10 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119768);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483228");
      script_xref(name:"MSFT", value:"MS18-4483228");
    
      script_name(english:"KB4483228: Windows 10 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483228.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483228/december192018kb4483228osbuild1024018064
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?68af54aa");
      script_set_attribute(attribute:"solution", value:
    "Apply Cumulative Update KB4483228.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483228');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"10240",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483228])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483230.NASL
    descriptionThe remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119770
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119770
    titleKB4483230: Windows 10 Version 1703 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119770);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483230");
      script_xref(name:"MSFT", value:"MS18-4483230");
    
      script_name(english:"KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483230.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483230/december192018kb4483230osbuild150631508
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7669964f");
      script_set_attribute(attribute:"solution", value:
    "Apply Cumulative Update KB4483230.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483230');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"15063",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483230])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483235.NASL
    descriptionThe remote Windows host is missing security update 4483235. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119773
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119773
    titleKB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119773);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483235");
      script_xref(name:"MSFT", value:"MS18-4483235");
    
      script_name(english:"KB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483235.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483235/december192018kb4483235osbuild17763195
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?765bc8c1");
      script_set_attribute(attribute:"solution", value:
    "Apply Cumulative Update KB4483235.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483235');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"17763",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483235])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_INTERNET_EXPLORER.NASL
    descriptionThe Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119774
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119774
    titleSecurity Updates for Internet Explorer (December 2018 OOB)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119774);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483187");
      script_xref(name:"MSFT", value:"MS18-4483187");
    
      script_name(english:"Security Updates for Internet Explorer (December 2018 OOB)");
      script_summary(english:"Checks for Microsoft security updates.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Internet Explorer installation on the remote host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The Internet Explorer installation on the remote host is
    missing security updates. It is, therefore, affected by a remote
    code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7cb04547");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released the following security updates to address this issue:  
      -KB4483187");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS18-12';
    kbs = make_list(
      '4483187'
    );
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    os = get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0',  win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
    if ("Windows 8" >< productname && "8.1" >!< productname)
     audit(AUDIT_OS_SP_NOT_VULN);
    if ("Vista" >< productname) audit(AUDIT_OS_SP_NOT_VULN);
    
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      # Windows 8.1 / Windows Server 2012 R2
      # Internet Explorer 11
      hotfix_is_vulnerable(os:"6.3", sp:0, file:"jscript.dll", version:"5.8.9600.19230", min_version:"5.8.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") ||
    
      # Windows Server 2012
      # Internet Explorer 10
      hotfix_is_vulnerable(os:"6.2", sp:0, file:"jscript.dll", version:"5.8.9200.22641", min_version:"5.8.9200.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") ||
    
      # Windows 7 / Server 2008 R2
      # Internet Explorer 11
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"jscript.dll", version:"5.8.9600.19230", min_version:"5.8.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") ||
    
      # Windows Server 2008
      # Internet Explorer 9
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"jscript.dll", version:"5.8.7601.21269", min_version:"5.8.7601.16000", dir:"\system32", bulletin:bulletin, kb:"4483187")
    )
    {
      set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483232.NASL
    descriptionThe remote Windows host is missing security update 4483232. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119771
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119771
    titleKB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119771);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483232");
      script_xref(name:"MSFT", value:"MS18-4483232");
    
      script_name(english:"KB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483232.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483232/december192018kb4483232osbuild16299847
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e09e9111");
      script_set_attribute(attribute:"solution", value:
    "Apply Cumulative Update KB4483232.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483232');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"16299",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483232])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_DEC_OOB_4483234.NASL
    descriptionThe remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)
    last seen2020-06-01
    modified2020-06-02
    plugin id119772
    published2018-12-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119772
    titleKB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(119772);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/31 15:18:52");
    
      script_cve_id("CVE-2018-8653");
      script_xref(name:"MSKB", value:"4483234");
      script_xref(name:"MSFT", value:"MS18-4483234");
    
      script_name(english:"KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update");
      script_summary(english:"Checks for rollup.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing security update 4483234.
    It is, therefore, affected by a remote code execution vulnerability:
    
      - A remote code execution vulnerability exists in the way that the
        scripting engine handles objects in memory in Internet Explorer.
        The vulnerability could corrupt memory in such a way that an
        attacker could execute arbitrary code in the context of the
        current user. An attacker who successfully exploited the
        vulnerability could gain the same user rights as the current
        user. If the current user is logged on with administrative user
        rights, an attacker who successfully exploited the vulnerability
        could take control of an affected system. An attacker could then
        install programs; view, change, or delete data; or create new
        accounts with full user rights. (CVE-2018-8653)");
      # https://support.microsoft.com/en-us/help/4483234/december192018kb4483234osbuild17134472
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fe383ae9");
      script_set_attribute(attribute:"solution", value:
    "Apply Cumulative Update KB4483234.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = "MS18-12";
    kbs = make_list('4483234');
    
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    if (
      smb_check_rollup(os:"10",
                       sp:0,
                       os_build:"17134",
                       rollup_date:"13_2018",
                       bulletin:bulletin,
                       rollup_kb_list:[4483234])
    )
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
    }
    

The Hacker News