Vulnerabilities > CVE-2018-8653 - Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483229.NASL description The remote Windows host is missing security update 4483229. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119769 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119769 title KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119769); script_version("1.8"); script_cvs_date("Date: 2019/04/30 14:30:16"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483229"); script_xref(name:"MSFT", value:"MS18-4483229"); script_name(english:"KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483229. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa53d350"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483229."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483229'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"14393", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483229]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483228.NASL description The remote Windows host is missing security update 4483228. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119768 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119768 title KB4483228: Windows 10 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119768); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483228"); script_xref(name:"MSFT", value:"MS18-4483228"); script_name(english:"KB4483228: Windows 10 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483228. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483228/december192018kb4483228osbuild1024018064 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?68af54aa"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483228."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483228'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"10240", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483228]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483230.NASL description The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119770 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119770 title KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119770); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483230"); script_xref(name:"MSFT", value:"MS18-4483230"); script_name(english:"KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483230/december192018kb4483230osbuild150631508 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7669964f"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483230."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483230'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"15063", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483230]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483235.NASL description The remote Windows host is missing security update 4483235. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119773 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119773 title KB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119773); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483235"); script_xref(name:"MSFT", value:"MS18-4483235"); script_name(english:"KB4483235: Windows 10 Version 1809 and Windows Server 2019 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483235. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483235/december192018kb4483235osbuild17763195 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?765bc8c1"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483235."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483235'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"17763", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483235]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_INTERNET_EXPLORER.NASL description The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119774 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119774 title Security Updates for Internet Explorer (December 2018 OOB) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119774); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483187"); script_xref(name:"MSFT", value:"MS18-4483187"); script_name(english:"Security Updates for Internet Explorer (December 2018 OOB)"); script_summary(english:"Checks for Microsoft security updates."); script_set_attribute(attribute:"synopsis", value: "The Internet Explorer installation on the remote host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7cb04547"); script_set_attribute(attribute:"solution", value: "Microsoft has released the following security updates to address this issue: -KB4483187"); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS18-12'; kbs = make_list( '4483187' ); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); os = get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1); if ("Windows 8" >< productname && "8.1" >!< productname) audit(AUDIT_OS_SP_NOT_VULN); if ("Vista" >< productname) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( # Windows 8.1 / Windows Server 2012 R2 # Internet Explorer 11 hotfix_is_vulnerable(os:"6.3", sp:0, file:"jscript.dll", version:"5.8.9600.19230", min_version:"5.8.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") || # Windows Server 2012 # Internet Explorer 10 hotfix_is_vulnerable(os:"6.2", sp:0, file:"jscript.dll", version:"5.8.9200.22641", min_version:"5.8.9200.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") || # Windows 7 / Server 2008 R2 # Internet Explorer 11 hotfix_is_vulnerable(os:"6.1", sp:1, file:"jscript.dll", version:"5.8.9600.19230", min_version:"5.8.9600.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") || # Windows Server 2008 # Internet Explorer 9 hotfix_is_vulnerable(os:"6.0", sp:2, file:"jscript.dll", version:"5.8.7601.21269", min_version:"5.8.7601.16000", dir:"\system32", bulletin:bulletin, kb:"4483187") ) { set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483232.NASL description The remote Windows host is missing security update 4483232. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119771 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119771 title KB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119771); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483232"); script_xref(name:"MSFT", value:"MS18-4483232"); script_name(english:"KB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483232. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483232/december192018kb4483232osbuild16299847 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e09e9111"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483232."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483232'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"16299", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483232]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS18_DEC_OOB_4483234.NASL description The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653) last seen 2020-06-01 modified 2020-06-02 plugin id 119772 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119772 title KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(119772); script_version("1.7"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id("CVE-2018-8653"); script_xref(name:"MSKB", value:"4483234"); script_xref(name:"MSFT", value:"MS18-4483234"); script_name(english:"KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update"); script_summary(english:"Checks for rollup."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-8653)"); # https://support.microsoft.com/en-us/help/4483234/december192018kb4483234osbuild17134472 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fe383ae9"); script_set_attribute(attribute:"solution", value: "Apply Cumulative Update KB4483234."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8653"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS18-12"; kbs = make_list('4483234'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( smb_check_rollup(os:"10", sp:0, os_build:"17134", rollup_date:"13_2018", bulletin:bulletin, rollup_kb_list:[4483234]) ) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, hotfix_get_audit_report()); }
The Hacker News
id THN:4520E7E2C157E77720BA6524C4B4D633 last seen 2018-12-20 modified 2018-12-20 published 2018-12-20 reporter The Hacker News source https://thehackernews.com/2018/12/internet-explorer-zero-day.html title Microsoft Issues Emergency Patch For Under-Attack IE Zero Day id THN:210789E8BC22C8A76A2121AB62C2AB13 last seen 2019-01-09 modified 2019-01-09 published 2019-01-09 reporter The Hacker News source https://thehackernews.com/2019/01/windows-security-updates.html title Microsoft Patch Tuesday — January 2019 Security Updates Released