##############################################################################
#
# Microsoft Internet Explorer URLMon.DLL Denial Of Service Vulnerability
#
# Copyright: OS2A and its member companies
#
# Date Written: 2006/02/07
#
# $Revision: 1.6 $
#
# $Log: os2a_ie_urlmon_dos_601715.nasl,v $
# Revision 1.6 2007/01/31 07:17:30 ajagadeesh
# --Excluded IE 6 version
#
# Revision 1.5 2006/09/20 11:11:26 ksjayesh
# new ntlm changes
#
# Revision 1.1 2006/08/09 14:44:13 hpavithra
# Scripts with ntlmv2 changes
#
# Revision 1.3 2006/08/04 01:03:16 bchandra
# Changes for new NTLMv2
#
# Revision 1.2 2006/03/31 05:43:28 drahul
# issue #1788
# Added CVE
#
# Revision 1.1 2006/02/10 13:24:33 ksjayesh
# To Production
#
# Revision 1.2 2006/02/09 12:21:55 shraddha
# Modified regex.
# Issue #1788.
#
# Revision 1.1 2006/02/07 12:06:25 shraddha
# Issue #1788
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or its member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
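# ------------------------------------------------------------------------
##############################################################################

#
# Version-based check for CVE-2006-0544 (BID 16463): reports a host when the
# Internet Explorer "Version" registry value is a 7.0 build up to 7.0.5296.0.
#
# Reviewer notes:
#  - Registered as ACT_GATHER_INFO: the script only reads a version string
#    and never exercises urlmon.dll, so a finding means "version is in the
#    affected range", not "crash confirmed".
#  - Requires "SMB/WindowsVersion" in the knowledge base (presumably set by
#    the smb_hotfixes.nasl dependency after an authenticated SMB session;
#    confirm). When that key or the registry value is missing the script
#    exits without output, which a report reader cannot tell apart from
#    "not affected".
#  - The description text says "7.0.5296.0 and prior", but the match below
#    is limited to 7.0.<build>.0; the changelog entry for revision 1.6
#    records that IE 6 was excluded.
#

if(description)
{
  # Plugin registration: identifiers, cross-references and report text.
  script_id(601715);
  script_bugtraq_id(16463);
  script_cve_id("CVE-2006-0544");
  script_version("$Revision: 1.6 $");
  script_category(ACT_GATHER_INFO);

  name["english"] = "Microsoft Internet Explorer URLMon.DLL Denial Of Service Vulnerability";
  script_name(english:name["english"]);

  summary["english"] = "Check for vulnerable version of Internet Explorer";
  script_summary(english:summary["english"]);

  script_copyright(english:"Copyright (C) 2006 OS2A");

  family["english"] = "Denial of Service";
  script_family(english:family["english"]);

  # Report text is kept exactly as it appears on the page (one line); any
  # line breaks the author originally had inside the string are not
  # recoverable from here.
  desc["english"] = " Overview : This host has Internet Explorer installed which is prone to denial of service vulnerability. The flaw is caused due to error in urlmon.dll which does not properly validate user supplied input. Impact : Successful exploitation can lead to application crash and/or execution of arbitrary code. Impact of the vulnerability is limited to system level. Affected Software : Internet Explorer 7.0 Beta 2 (7.0.5296.0) and prior. Affected Platform : Windows (Any). Solution : No vendor supplied patch is available as of 07 February 2006. Information regarding this issue will be updated once the solution details are available. Reference : http://www.security-protocols.com/advisory/sp-x23-advisory.txt CVSS Score : CVSS Base Score : 8.5 (AV:R/AC:L/Au:NR/C:P/I:P/A:C/B:A) CVSS Temporal Score : 8.1 Risk factor : High";
  script_description(english:desc["english"]);

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/WindowsVersion");
  exit(0);
}

include("ntlmv2.inc");

# No Windows version recorded in the KB: nothing to check on this host.
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

# cx_registry_get_sz is not defined in this file (presumably provided by
# ntlmv2.inc; confirm). It is asked for the "Version" value under the
# Internet Explorer key.
ieVer = cx_registry_get_sz(key:"SOFTWARE\Microsoft\Internet Explorer",
                           item:"Version");
if(!ieVer){
  exit(0);
}

# The build field of 7.0.<build>.0 must be <= 5296:
#   [0-4][0-9]{0,3}          0    - 4999
#   5[0-1][0-9][0-9]         5000 - 5199
#   52([0-8][0-9]|9[0-6])    5200 - 5296
# The first alternative was "[0-4].*", which accepted a build field of any
# length or content (for example a five-digit build starting with 1, or
# extra dotted components), so it is bounded to at most four digits here to
# avoid false positives. The revision field is still required to be "0".
if(egrep(pattern:"^(7\.0\.(([0-4][0-9]{0,3})|5[0-1][0-9][0-9]|52([0-8][0-9]|9[0-6]))\.0)$",
         string:ieVer))
{
  security_hole(0);
  exit(0);
}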