Detections
Analytics

Microsoft EMET 3.x >= 3.5 / 4.x < 4.0.4913.26122 ASLR Security Bypass

medium Nessus Plugin ID 71176

Language:

Synopsis

A tool for mitigating security vulnerabilities is potentially affected by a security bypass vulnerability.

Description

Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is installed on the remote system and is 3.x newer than or equal to 3.5 or 4.x prior to 4.0.4913.26122. It is, therefore, potentially affected by a security bypass vulnerability.

The application stores function addresses in a predictable way that could aid an attacker in bypassing Address Space Layout Randomization (ASLR) protections.

Solution

Upgrade to EMET 4.0.4913.26122 or later. A possible temporary mitigation step is to disable EMET.

See Also

http://www.nessus.org/u?f42bd53d

Plugin Details

Severity: Medium

ID: 71176

File Name: microsoft_emet_4_0_4913_26122.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 12/3/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:enhanced_mitigation_experience_toolkit

Required KB Items: SMB/Microsoft/EMET/Path

Exploit Ease: No known exploits are available

Patch Publication Date: 6/17/2013

Vulnerability Publication Date: 6/17/2013

Reference Information

CVE: CVE-2013-6791

BID: 64022