[Openvas-commits] r3363 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed May 13 17:56:48 CEST 2009


Author: chandra
Date: 2009-05-13 17:56:47 +0200 (Wed, 13 May 2009)
New Revision: 3363

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_ms_powerpoint_code_exec_vuln.nasl
Log:
Modfied to MS09-017

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-13 15:54:56 UTC (rev 3362)
+++ trunk/openvas-plugins/ChangeLog	2009-05-13 15:56:47 UTC (rev 3363)
@@ -1,3 +1,7 @@
+2009-05-13 Chandan S <schandan at secpod.com>
+	* scripts/gb_ms_powerpoint_code_exec_vuln.nasl:
+	Modified to reflect MS09-017 Bulletin.
+
 2009-05-13 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_quagga_dos_vuln.nasl,
 	scripts/gb_ipsec-tools_detect.nasl,

Modified: trunk/openvas-plugins/scripts/gb_ms_powerpoint_code_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_powerpoint_code_exec_vuln.nasl	2009-05-13 15:54:56 UTC (rev 3362)
+++ trunk/openvas-plugins/scripts/gb_ms_powerpoint_code_exec_vuln.nasl	2009-05-13 15:56:47 UTC (rev 3363)
@@ -2,12 +2,12 @@
 # OpenVAS Vulnerability Test
 # $Id: gb_ms_powerpoint_code_exec_vuln.nasl 1397 2009-04-03 14:21:24Z apr $
 #
-# Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (969136)
+# Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)
 #
 # Authors:
 # Sharath S <sharaths at secpod.com>
 #
-# Make use of version_func_inc - By Chandan S, 11:48:13 2009/04/24
+# Modified to reflect MS09-017 (Sharath S, 2009-05-13 )
 #
 # Copyright:
 # Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
@@ -30,77 +30,74 @@
 {
   script_id(800382);
   script_version("$Revision: 1.0 $");
-  script_cve_id("CVE-2009-0556");
-  script_bugtraq_id(34351);
-  script_name(english:"Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (969136)");
+  script_cve_id("CVE-2009-0556", "CVE-2009-0220", "CVE-2009-0221", "CVE-2009-0222",
+                "CVE-2009-0223", "CVE-2009-0224", "CVE-2009-0225", "CVE-2009-0226",
+                "CVE-2009-0227", "CVE-2009-1128", "CVE-2009-1129", "CVE-2009-1130",
+                "CVE-2009-1131", "CVE-2009-1137");
+  script_bugtraq_id(34351, 34833, 34835, 34831, 34834, 34879, 34880, 34881, 34882,
+                    34837, 34839, 34840, 34841, 34876);
+  script_name(english:"Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability (967340)");
   desc["english"] = "
 
-  Overview: The host is installed with Microsoft PowerPoint and is prone to
-  file parsing remote code execution vulnerability.
+  Overview: This host has critical security update missing according to
+  Microsoft Bulletin MS09-017.
 
   Vulnerability Insight:
-  This flaw is caused when powerpoint accesses an invalid object in memory
-  while parsing a specially crafted powerpoint file.
+  For more information about vulnerabilities on PowerPoint, go through the links
+  mentioned in references.
 
   Impact:
-  Successful exploitation will let the attacker execute arbitrary codes in the
-  context of the application crafting a malicious powerpoint file.
+  Successful exploitation will let the attacker execute arbitrary codes, and can
+  cause Memory Corruption, Integer Overflow and other attacks in the context of
+  the application through crafting malicious codes inside a powerpoint file.
 
-  Impact Level: System/Application
+  Impact Level: System
 
   Affected Software/OS:
   MS PowerPoint 2000 Service Pack 3 and prior
   MS PowerPoint 2002 Service Pack 3 and prior
   MS PowerPoint 2003 Service Pack 3 and prior
+  MS PowerPoint 2007 Service Pack 2 and prior
 
-  Fix: No solution or patch is available as on 07th April, 2009. Information
-  regarding this issue will be updated once the solution details are available.
-  For updates refer, http://office.microsoft.com/en-us/powerpoint/default.aspx
+  Fix:
+  Run Windows Update and update the listed hotfixes or download and
+  update mentioned hotfixes in the advisory from the below link,
+  http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
 
-  Workaround:
-  For workaround see the Suggested Actions mentioned.
-  http://www.microsoft.com/technet/security/advisory/969136.mspx
-
   References:
-  http://www.kb.cert.org/vuls/id/627331
-  http://support.microsoft.com/kb/969136
-  http://blogs.technet.com/srd/archive/2009/04/02/investigating-the-new-powerpoint-issue.aspx
-  http://blogs.technet.com/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
+  http://support.microsoft.com/kb/967340
+  http://www.securityfocus.com/archive/1/503451
 
   CVSS Score:
     CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
-    CVSS Temporal Score : 7.5
+    CVSS Temporal Score : 7.3
   Risk factor : High";
 
   script_description(english:desc["english"]);
   script_summary(english:"Check for the version of Microsoft PowerPoint");
   script_category(ACT_GATHER_INFO);
   script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
-  script_family(english:"Windows");
+  script_family(english:"Windows : Microsoft Bulletins");
   script_dependencies("secpod_ms_office_detection_900025.nasl",
                       "secpod_office_products_version_900032.nasl");
-  script_require_keys("SMB/WindowsVersion");
+  script_require_keys("MS/Office/Ver", "SMB/Office/PowerPnt/Version");
   exit(0);
 }
 
 
-include("smb_nt.inc");
 include("version_func.inc");
 
-if(!get_kb_item("SMB/WindowsVersion")){
-  exit(0);
-}
-
 officeVer = get_kb_item("MS/Office/Ver");
-if(officeVer =~ "^(9|10|11)\..*")
+if(officeVer =~ "^(9|10|11|12)\..*")
 {
-  # Grep for MS Office PowerPoint Version <= (9.0.8969, 10.0.6842 and 11.0.8227)
+  # Grep for MS Office PowerPoint Version < (9.0.0.8978, 10.0.6853.0 and 11.0.8307.0, 12.0.6500.5000)
   ppVer = get_kb_item("SMB/Office/PowerPnt/Version");
-  if(ppVer)
+  if(ppVer != NULL)
   {
-    if(version_in_range(version:ppVer, test_version:"9.0", test_version2:"9.0.0.8969") ||
-       version_in_range(version:ppVer, test_version:"10.0", test_version2:"10.0.6842.0")||
-       version_in_range(version:ppVer, test_version:"11.0", test_version2:"11.0.8227.0")){
+    if(version_in_range(version:ppVer, test_version:"9.0", test_version2:"9.0.0.8977") ||
+       version_in_range(version:ppVer, test_version:"10.0", test_version2:"10.0.6852.0")||
+       version_in_range(version:ppVer, test_version:"11.0", test_version2:"11.0.8306.0")||
+       version_in_range(version:ppVer, test_version:"12.0", test_version2:"12.0.6500.4999")){
       security_hole(0);
     }
   }



More information about the Openvas-commits mailing list