ID

VAR-201710-0425


CVE

CVE-2017-11793


TITLE

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Trust: 0.8

sources: CERT/CC: VU#598349

DESCRIPTION

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.

Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device.

On a network where the router's DNS dynamic registration/update function is enabled and the automatic detection function is enabled on client PCs, if a device with the host name "wpad" is added to the network, the contents of communications may be obtained or altered. Routers commonly used in homes and offices (including Google WiFi and Ubiquiti UniFi) often use the DNS dynamic registration/update function. This function automatically registers or updates A records using, as is, the host name that the client sends in its DHCP request. An attacker with access to the network may register a device with the host name "wpad" or "isatap" in DNS, attract access to that device, and attack it. The discoverer also confirmed that, using mDNS and without a router, "wpad" and "isatap" can be accessed from client PCs in the network in combination with the automatic detection function.

Proxy auto-configuration via WPAD by a so-called rogue DHCP server or a higher-level DNS server has been considered a problem (https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html), but the auto-configuration function inside the LAN/WLAN had not been mentioned. This problem was discovered and verified by Ossi Salmi, Mika Seppanen, Marko Laakso, and Kasper Kyllonen of Arctic Security, and NCSC-FI handled the coordination. If an attacker on the internal network adds a device with the host name "wpad" to the network, that device can be used as an attack proxy, and as a result the contents of communications may be obtained or altered.

Internet Explorer contains a flaw in the script engine's memory handling that could allow arbitrary code execution in the current user's context. The vendor refers to this as "Scripting Engine Memory Corruption Vulnerability". This vulnerability is different from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. An attacker could execute arbitrary code in the context of the current user.

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable; other versions may also be affected. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Trust: 3.69

sources: NVD: CVE-2017-11793 // CERT/CC: VU#598349 // JVNDB: JVNDB-2017-014029 // JVNDB: JVNDB-2017-009020 // BID: 101141 // BID: 105298 // VULMON: CVE-2017-11793

AFFECTED PRODUCTS

vendor: microsoft, model: internet explorer, scope: eq, version: 9

Trust: 2.7

vendor: microsoft, model: internet explorer, scope: eq, version: 11

Trust: 2.7

vendor: microsoft, model: internet explorer, scope: eq, version: 10

Trust: 2.7

vendor: adtran, model: -, scope: -, version: -

Trust: 0.8

vendor: mikrotik, model: -, scope: -, version: -

Trust: 0.8

vendor: pi hole, model: -, scope: -, version: -

Trust: 0.8

vendor: synology, model: -, scope: -, version: -

Trust: 0.8

vendor: tippingpoint, model: -, scope: -, version: -

Trust: 0.8

vendor: ubiquiti, model: -, scope: -, version: -

Trust: 0.8

vendor: multiple vendors, model: -, scope: -, version: -

Trust: 0.8

vendor: wpad, model: wpad, scope: eq, version: 0

Trust: 0.3

vendor: synology, model: skynas, scope: eq, version: 0

Trust: 0.3

vendor: synology, model: router manager, scope: eq, version: 1.1

Trust: 0.3

vendor: synology, model: dsm, scope: eq, version: 6.2

Trust: 0.3

vendor: synology, model: dsm, scope: eq, version: 6.1

Trust: 0.3

vendor: synology, model: dsm, scope: eq, version: 5.2

Trust: 0.3

vendor: adtran, model: total access 900/900e series, scope: eq, version: 0

Trust: 0.3

vendor: adtran, model: sdx 810-rg, scope: eq, version: 0

Trust: 0.3

vendor: adtran, model: netvanta, scope: eq, version: 60000

Trust: 0.3

vendor: adtran, model: netvanta series, scope: eq, version: 6000

Trust: 0.3

vendor: adtran, model: netvanta series, scope: eq, version: 5000

Trust: 0.3

vendor: adtran, model: netvanta series, scope: eq, version: 4000

Trust: 0.3

vendor: adtran, model: netvanta series, scope: eq, version: 3000

Trust: 0.3

vendor: adtran, model: netvanta series, scope: eq, version: 10000

Trust: 0.3

vendor: adtran, model: aos r13.2.2, scope: -, version: -

Trust: 0.3

vendor: adtran, model: 434rg ont, scope: eq, version: 0

Trust: 0.3

vendor: adtran, model: 424rg ont, scope: eq, version: 0

Trust: 0.3

vendor: adtran, model: 414rg ont, scope: eq, version: 0

Trust: 0.3

vendor: synology, model: router manager, scope: ne, version: 1.1.7-6941-2

Trust: 0.3

vendor: synology, model: dsm, scope: ne, version: 6.2.1-23824

Trust: 0.3

sources: CERT/CC: VU#598349 // BID: 101141 // BID: 105298 // JVNDB: JVNDB-2017-014029 // JVNDB: JVNDB-2017-009020 // CNNVD: CNNVD-201710-173 // NVD: CVE-2017-11793

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-11793
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201710-173
value: HIGH

Trust: 0.6

VULMON: CVE-2017-11793
value: HIGH

Trust: 0.1

VULMON: CVE-2017-11793
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2017-11793
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2017-11793 // JVNDB: JVNDB-2017-009020 // CNNVD: CNNVD-201710-173 // NVD: CVE-2017-11793

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-009020 // NVD: CVE-2017-11793

THREAT TYPE

network

Trust: 0.6

sources: BID: 101141 // BID: 105298

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-173

CONFIGURATIONS

sources: NVD: CVE-2017-11793

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2017-11793

PATCH

title: CVE-2017-11793 | Scripting Engine Memory Corruption Vulnerability, url: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11793

Trust: 0.8

title: CVE-2017-11793 | Scripting Engine Memory Corruption Vulnerability, url: https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11793

Trust: 0.8

title: Microsoft Windows Internet Explorer scripting Repair measures for engine security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75358

Trust: 0.6

title: The Register, url: https://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/

Trust: 0.2

title: domato, url: https://github.com/googleprojectzero/domato

Trust: 0.1

title: js-vuln-db, url: https://github.com/tunz/js-vuln-db

Trust: 0.1

title: Exp101tsArchiv30thers, url: https://github.com/nu11secur1ty/exp101tsarchiv30thers

Trust: 0.1

title: awesome-cve-poc_qazbnm456, url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: Threatpost, url: https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/

Trust: 0.1

sources: VULMON: CVE-2017-11793 // JVNDB: JVNDB-2017-009020 // CNNVD: CNNVD-201710-173

EXTERNAL IDS

db: NVD, id: CVE-2017-11793

Trust: 2.8

db: CERT/CC, id: VU#598349

Trust: 2.0

db: BID, id: 101141

Trust: 2.0

db: SECTRACK, id: 1039532

Trust: 1.7

db: EXPLOIT-DB, id: 43368

Trust: 1.7

db: EXPLOIT-DB, id: 43367

Trust: 0.8

db: JVN, id: JVNVU99302544

Trust: 0.8

db: JVNDB, id: JVNDB-2017-014029

Trust: 0.8

db: JVNDB, id: JVNDB-2017-009020

Trust: 0.8

db: CNNVD, id: CNNVD-201710-173

Trust: 0.6

db: BID, id: 105298

Trust: 0.3

db: VULMON, id: CVE-2017-11793

Trust: 0.1

sources: CERT/CC: VU#598349 // VULMON: CVE-2017-11793 // BID: 101141 // BID: 105298 // JVNDB: JVNDB-2017-014029 // JVNDB: JVNDB-2017-009020 // CNNVD: CNNVD-201710-173 // NVD: CVE-2017-11793

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11793

Trust: 2.0

url:http://www.securityfocus.com/bid/101141

Trust: 1.8

url:https://www.exploit-db.com/exploits/43368/

Trust: 1.8

url:http://www.securitytracker.com/id/1039532

Trust: 1.7

url:https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html

Trust: 1.6

url:https://www.kb.cert.org/vuls/id/598349

Trust: 1.2

url:https://supportforums.adtran.com/docs/doc-9269

Trust: 1.1

url:https://www.exploit-db.com/exploits/43367/

Trust: 0.8

url:https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99302544/

Trust: 0.8

url:https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11793

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20171011-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2017/at170039.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-11793

Trust: 0.8

url:http://www.microsoft.com

Trust: 0.3

url:http://www.microsoft.com/ie/

Trust: 0.3

url:https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html

Trust: 0.3

url:https://www.synology.com/en-global/support/security/synology_sa_18_53

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55455

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/

Trust: 0.1

sources: CERT/CC: VU#598349 // VULMON: CVE-2017-11793 // BID: 101141 // BID: 105298 // JVNDB: JVNDB-2017-014029 // JVNDB: JVNDB-2017-009020 // CNNVD: CNNVD-201710-173 // NVD: CVE-2017-11793

CREDITS

Hui Gao of Palo Alto Networks and Yixiang Zhu of National Engineering Lab for Mobile Internet System and Application Security, China

Trust: 0.9

sources: BID: 101141 // CNNVD: CNNVD-201710-173

SOURCES

db: CERT/CC, id: VU#598349
db: VULMON, id: CVE-2017-11793
db: BID, id: 101141
db: BID, id: 105298
db: JVNDB, id: JVNDB-2017-014029
db: JVNDB, id: JVNDB-2017-009020
db: CNNVD, id: CNNVD-201710-173
db: NVD, id: CVE-2017-11793

LAST UPDATE DATE

2022-05-06T12:59:16.840000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#598349, date: 2018-10-23T00:00:00
db: VULMON, id: CVE-2017-11793, date: 2019-05-10T00:00:00
db: BID, id: 101141, date: 2017-10-10T00:00:00
db: BID, id: 105298, date: 2018-09-05T00:00:00
db: JVNDB, id: JVNDB-2017-014029, date: 2018-09-11T00:00:00
db: JVNDB, id: JVNDB-2017-009020, date: 2017-11-01T00:00:00
db: CNNVD, id: CNNVD-201710-173, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2017-11793, date: 2019-05-10T20:10:00

SOURCES RELEASE DATE

db: CERT/CC, id: VU#598349, date: 2018-09-05T00:00:00
db: VULMON, id: CVE-2017-11793, date: 2017-10-13T00:00:00
db: BID, id: 101141, date: 2017-10-10T00:00:00
db: BID, id: 105298, date: 2018-09-05T00:00:00
db: JVNDB, id: JVNDB-2017-014029, date: 2018-09-07T00:00:00
db: JVNDB, id: JVNDB-2017-009020, date: 2017-11-01T00:00:00
db: CNNVD, id: CNNVD-201710-173, date: 2017-10-13T00:00:00
db: NVD, id: CVE-2017-11793, date: 2017-10-13T13:29:00