Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
{"cve": [{"lastseen": "2023-02-09T14:36:53", "description": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", "cvss3": {}, "published": "2013-09-11T14:03:00", "type": "cve", "title": "CVE-2013-3847", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3847", "CVE-2013-3848", "CVE-2013-3849", "CVE-2013-3858"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:microsoft:sharepoint_services:2.0", "cpe:/a:microsoft:sharepoint_portal_server:2003", "cpe:/a:microsoft:word_viewer:*", "cpe:/a:microsoft:word:2010", "cpe:/a:microsoft:office_compatibility_pack:*", "cpe:/a:microsoft:word:2007", "cpe:/a:microsoft:sharepoint_server:2010", "cpe:/a:microsoft:word:2003", "cpe:/a:microsoft:office_web_apps:2010", "cpe:/a:microsoft:sharepoint_foundation:2010", "cpe:/a:microsoft:sharepoint_services:3.0"], "id": "CVE-2013-3847", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3847", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:36:52", "description": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.", "cvss3": {}, "published": "2013-09-11T14:03:00", "type": "cve", "title": "CVE-2013-3848", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3847", "CVE-2013-3848", "CVE-2013-3849", "CVE-2013-3858"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:microsoft:word_viewer:*", "cpe:/a:microsoft:word:2010", "cpe:/a:microsoft:office_compatibility_pack:*", "cpe:/a:microsoft:word:2007", "cpe:/a:microsoft:sharepoint_server:2010", "cpe:/a:microsoft:word:2003", "cpe:/a:microsoft:office_web_apps:2010"], "id": "CVE-2013-3848", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3848", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:36:53", "description": "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.", "cvss3": {}, "published": "2013-09-11T14:03:00", "type": "cve", "title": "CVE-2013-3858", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3847", "CVE-2013-3848", "CVE-2013-3849", "CVE-2013-3858"], "modified": "2018-10-12T22:05:00", "cpe": ["cpe:/a:microsoft:office_web_apps:2010", "cpe:/a:microsoft:word_viewer:*", "cpe:/a:microsoft:word:2007", "cpe:/a:microsoft:office_compatibility_pack:*", "cpe:/a:microsoft:sharepoint_server:2010", "cpe:/a:microsoft:word:2003", "cpe:/a:microsoft:word:2010"], "id": "CVE-2013-3858", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3858", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:x86:*:*", "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2021-06-08T19:04:44", "description": "### Description\n\nMicrosoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office Compatibility Pack SP3 \n * Microsoft Office SharePoint Server 2010 SP1 \n * Microsoft Office Web Apps 2010 \n * Microsoft Word 2003 SP1 \n * Microsoft Word 2003 SP2 \n * Microsoft Word 2003 SP3 \n * Microsoft Word 2007 SP1 \n * Microsoft Word 2007 SP2 \n * Microsoft Word 2007 SP3 \n * Microsoft Word 2010 Service Pack 1 32-bit editions \n * Microsoft Word 2010 Service Pack 1 64-bit editions \n * Microsoft Word Viewer \n * Microsoft Word Web App 2010 Service Pack 1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "symantec", "title": "Microsoft Word CVE-2013-3849 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-3849"], "modified": "2013-09-10T00:00:00", "id": "SMNTC-62169", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/62169", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:45", "description": "### Description\n\nMicrosoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office Compatibility Pack SP3 \n * Microsoft Office Web Apps 2010 \n * Microsoft SharePoint Server 2010 SP1 \n * Microsoft Word 2003 SP1 \n * Microsoft Word 2003 SP2 \n * Microsoft Word 2003 SP3 \n * Microsoft Word 2007 SP1 \n * Microsoft Word 2007 SP2 \n * Microsoft Word 2007 SP3 \n * Microsoft Word 2010 Service Pack 1 32-bit editions \n * Microsoft Word 2010 Service Pack 1 64-bit editions \n * Microsoft Word Viewer \n * Microsoft Word Web App 2010 Service Pack 1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "symantec", "title": "Microsoft Word CVE-2013-3858 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-3858"], "modified": "2013-09-10T00:00:00", "id": "SMNTC-62226", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/62226", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:44", "description": "### Description\n\nMicrosoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office Compatibility Pack SP3 \n * Microsoft Office Web Apps 2010 \n * Microsoft SharePoint Server 2010 SP1 \n * Microsoft Word 2003 SP1 \n * Microsoft Word 2003 SP2 \n * Microsoft Word 2003 SP3 \n * Microsoft Word 2007 SP1 \n * Microsoft Word 2007 SP2 \n * Microsoft Word 2007 SP3 \n * Microsoft Word 2010 Service Pack 1 32-bit editions \n * Microsoft Word 2010 Service Pack 1 64-bit editions \n * Microsoft Word Viewer \n * Microsoft Word Web App 2010 Service Pack 1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "symantec", "title": "Microsoft Word CVE-2013-3847 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-3847"], "modified": "2013-09-10T00:00:00", "id": "SMNTC-62165", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/62165", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:45", "description": "### Description\n\nMicrosoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office Compatibility Pack SP3 \n * Microsoft Office Web Apps 2010 \n * Microsoft SharePoint Server 2010 SP1 \n * Microsoft Word 2003 SP1 \n * Microsoft Word 2003 SP2 \n * Microsoft Word 2003 SP3 \n * Microsoft Word 2007 SP1 \n * Microsoft Word 2007 SP2 \n * Microsoft Word 2007 SP3 \n * Microsoft Word 2010 Service Pack 1 32-bit editions \n * Microsoft Word 2010 Service Pack 1 64-bit editions \n * Microsoft Word Viewer \n * Microsoft Word Web App 2010 Service Pack 1 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "symantec", "title": "Microsoft Word CVE-2013-3848 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2013-3848"], "modified": "2013-09-10T00:00:00", "id": "SMNTC-62168", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/62168", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2021-01-01T22:49:53", "description": "<html><body><p>Resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account.</p><h2></h2><div class=\"kb-summary-section section\"><br/><a bookmark-id=\"appliestoproducts\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a></div><h2>Introduction</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account. <br/><span></span></div><h2>Summary</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-067. To view the complete security bulletin, go to one of the following Microsoft websites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-067\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-067</a></div></li></ul></div><h2></h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">More information about this security update</h3><h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. These articles may contain known issue information. If this is the case, the known issue is listed below each article link. <br/><br/><h5 class=\"sbody-h5 text-subtitle\">SharePoint Server</h5><br/><span class=\"text-base\">Note</span> After you install any of the following SharePoint Server security updates, you have to run the PSconfig tool to complete the installation.<br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2810083\" id=\"kb-link-8\">2810083 </a> MS13-067: Description of the security update for SharePoint Server 2013 (coreserverloc): September 10, 2013<br/><br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2817305\" id=\"kb-link-9\">2817305 </a> MS13-067: Description of the security update for SharePoint Server 2013 (wacserver): September 10, 2013 <br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2817315\" id=\"kb-link-10\">2817315 </a> MS13-067: Description of the security update for SharePoint Foundation 2013: September 10, 2013 <br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2817393\" id=\"kb-link-11\">2817393 </a> MS13-067: Description of the security update for SharePoint Server 2010 (coreserver): September 10, 2013 <br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2817372\" id=\"kb-link-12\">2817372 </a> MS13-067: Description of the security update for SharePoint Server 2010 (wosrv): September 10, 2013 <br/></li><li><a href=\"https://support.microsoft.com/en-us/help/2810067\" id=\"kb-link-13\">2810067 </a> MS13-067: Description of the security update for SharePoint Foundation 2010: September 10, 2013 <br/></li></ul><h5 class=\"sbody-h5 text-subtitle\">SharePoint Services</h5><br/><span class=\"text-base\">Note</span> After you install any of the following SharePoint Services security updates, you have to run the PSconfig tool to complete the installation.<br/><br/><br/><br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2760420\" id=\"kb-link-14\">2760420 </a> MS13-067: Description of the security update for Windows SharePoint Services 3.0: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2810061\" id=\"kb-link-15\">2810061 </a> MS13-067: Description of the security update for Windows SharePoint Services 2.0: September 10, 2013</li></ul><h5 class=\"sbody-h5 text-subtitle\">Office Web Services</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2760595\" id=\"kb-link-16\">2760595 </a> MS13-067: Description of the security update for Excel Services in SharePoint Server 2010: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760589\" id=\"kb-link-17\">2760589 </a> MS13-067: Description of the security update for Excel Services in SharePoint Server 2007: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2553408\" id=\"kb-link-18\">2553408 </a> MS13-067: Description of the security update for InfoPath Forms Services in SharePoint 2010: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760755\" id=\"kb-link-19\">2760755 </a> MS13-067: Description of the security update for Word Automation Services in SharePoint Server 2010: September 10, 2013</li></ul><h5 class=\"sbody-h5 text-subtitle\">Office Online</h5><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2760594\" id=\"kb-link-20\">2760594 </a> MS13-067: Description of the security update for Excel Online: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/NNNNN2\" id=\"kb-link-21\"></a><a href=\"https://support.microsoft.com/en-us/help/2817384\" id=\"kb-link-22\">2817384 </a> MS13-067: Description of the security update for Word Online: September 10, 2013</li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">acsrv2010-kb2553298-fullfile-x64-glb.exe</td><td class=\"sbody-td\">122AE7B80155F45F217F366BD2F9D4A99527F14A</td><td class=\"sbody-td\">D62785F2FEDF55057F8512E53FD8EE71B2C3D4CA1E2888C16D95326D19DDEF2B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">lpsrv2010-kb2553408-fullfile-x64-glb.exe</td><td class=\"sbody-td\">E586AC1E65F16880847D6E6CCEFF45C3CC082AEB</td><td class=\"sbody-td\">54905C43EC42C9149C0FDB0683D3B4A21BE97EF18DD9B38A83B6171EF9E4463F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">pjsrv2010-kb2553430-fullfile-x64-glb.exe</td><td class=\"sbody-td\">8D97F6BABEAD29D1DD7D06AD631BEA5584167FE1</td><td class=\"sbody-td\">3FF4F679565F7DF2B6DA0D1503D4324293DE70BEA967FCCCBD59877882CB572F</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ppsma2010-kb2553341-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B59A1860FE9AC5499AA5D673AA13B120636BC78D</td><td class=\"sbody-td\">68475D3499CF2109A605185690E052F29810A84A2401C51878B78836735FD362</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2760420-fullfile-x64-glb.exe</td><td class=\"sbody-td\">D04120B3D923E73F4098007966A1C236E6A0217B</td><td class=\"sbody-td\">8CA13F2965FB44C35791857FB300E0C8D4F573BB6518693678A1F2B58849BEE0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">sts2007-kb2760420-fullfile-x86-glb.exe</td><td class=\"sbody-td\">6C92539E2E7BDEDFB760DDB69800FCF7E800C908</td><td class=\"sbody-td\">D9F3170B68A1A8A92AACC27C48560CEDE4606997E67BE5149B907F8DBB551DE3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">vsrv2010-kb2553219-fullfile-x64-glb.exe</td><td class=\"sbody-td\">06C594E6DABF92474192DC6D971FD1206C49A4EC</td><td class=\"sbody-td\">63A63D9F3746AF081D81B54E4D6B686CCB1CA5AC3F03CAFFD51DF71C681DC401</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wdsrv2010-kb2760755-fullfile-x64-glb.exe</td><td class=\"sbody-td\">F55883F6C0D5A5EDD2F04747880159D96A72743F</td><td class=\"sbody-td\">5B4F1B2D87C63D0B9DCB017FF5B09ED309A7C8402AD34694FACEB1F43150E126</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrv2010-kb2760595-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B4D49782733AC2158F1C07177DB44320A543AC34</td><td class=\"sbody-td\">CAA100BC32C152A21E0391D3779360E70F8062006C938A7E2D3F51F378C0ECF0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlwac2010-kb2760594-fullfile-x64-glb.exe</td><td class=\"sbody-td\">722CDD51E9AF23F29372D020938AEFC5DA350096</td><td class=\"sbody-td\">E7116450C7F9304939EFA1F74B9D0E2655243455964478DA485229CD7D55EBF3</td></tr></table></div></div><br/></span></div></div></div></div><h2></h2><div class=\"kb-moreinformation-section section\"><a class=\"bookmark\" id=\"appliestoproducts\"></a><br/><h3 class=\"sbody-h3\">Applies to</h3>This article applies to the following:<br/><ul class=\"sbody-free_list\"><li>Microsoft SharePoint Server 2013</li><li>Microsoft SharePoint Foundation 2013</li><li>Microsoft SharePoint Server 2010 Service Pack 2</li><li>Microsoft SharePoint Server 2010 Service Pack 1</li><li>Microsoft SharePoint Foundation 2010</li><li>Microsoft Windows SharePoint Services 3.0</li><li>Microsoft Windows SharePoint Services 2.0</li><li>Excel Services in Microsoft SharePoint Server 2010</li><li>Excel Services in Microsoft Office SharePoint Server 2007</li><li>InfoPath Forms Services in SharePoint 2010</li><li>Word Automation Services in SharePoint Server 2010</li><li>Microsoft Excel Online</li><li>Microsoft Word Online</li></ul></div></body></html>", "edition": 2, "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "mskb", "title": "MS13-067: Vulnerabilities in Microsoft SharePoint Server could allow remote code execution: September 10, 2013", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-0081", "CVE-2013-1330", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3179", "CVE-2013-3858", "CVE-2013-1315", "CVE-2013-3180"], "modified": "2014-04-18T03:03:01", "id": "KB2834052", "href": "https://support.microsoft.com/en-us/help/2834052/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:12:15", "description": "DoS, crossite scripting, memory corruptions, code execution.", "cvss3": {}, "published": "2013-10-03T00:00:00", "type": "securityvulns", "title": "Microsoft Sharepoint Server multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-0081", "CVE-2013-1330", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3179", "CVE-2013-3858", "CVE-2013-1315", "CVE-2013-3180"], "modified": "2013-10-03T00:00:00", "id": "SECURITYVULNS:VULN:13278", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13278", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:07:48", "description": "Memory corruption on Outlook S/MIME parsing. Information leakage, multiple memory corruptions.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "securityvulns", "title": "Microsoft Office multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3870", "CVE-2013-3157", "CVE-2013-3854", "CVE-2013-3159", "CVE-2013-3859", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3158", "CVE-2013-3156", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160", "CVE-2013-1315", "CVE-2013-3155"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:VULN:13276", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13276", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-01-11T14:59:22", "description": "The versions of Office SharePoint Server, SharePoint Server, Windows SharePoint Services, SharePoint Foundation, or Office Web Apps installed on the remote host are affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exits that could cause the W3WP process to stop responding. (CVE-2013-0081)\n\n - A remote code execution vulnerability exists in the way Microsoft Office Services and Web Apps parse content in specially crafted files. (CVE-2013-1315)\n\n - A remote code execution vulnerability exists in the way SharePoint Server handles unassigned workflows.\n (CVE-2013-1330)\n\n - An unspecified cross-site scripting vulnerability exists. (CVE-2013-3179)\n\n - An unspecified POST cross-site scripting vulnerability exists. (CVE-2013-3180)\n\n - Multiple memory corruption vulnerabilities exist in the way that Microsoft Office software parses specially crafted files. (CVE-2013-2847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858)", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "nessus", "title": "MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0081", "CVE-2013-1315", "CVE-2013-1330", "CVE-2013-2847", "CVE-2013-3179", "CVE-2013-3180", "CVE-2013-3847", "CVE-2013-3848", "CVE-2013-3849", "CVE-2013-3857", "CVE-2013-3858"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:office_web_apps"], "id": "SMB_NT_MS13-067.NASL", "href": "https://www.tenable.com/plugins/nessus/69827", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69827);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2013-0081\",\n \"CVE-2013-1315\",\n \"CVE-2013-1330\",\n \"CVE-2013-3179\",\n \"CVE-2013-3180\",\n \"CVE-2013-3847\",\n \"CVE-2013-3848\",\n \"CVE-2013-3849\",\n \"CVE-2013-3857\",\n \"CVE-2013-3858\"\n );\n script_bugtraq_id(\n 62165,\n 62167,\n 62168,\n 62169,\n 62205,\n 62221,\n 62224,\n 62226,\n 62227,\n 62254\n );\n script_xref(name:\"EDB-ID\", value:\"28238\");\n script_xref(name:\"MSFT\", value:\"MS13-067\");\n script_xref(name:\"MSKB\", value:\"2794707\");\n script_xref(name:\"MSKB\", value:\"2810083\");\n script_xref(name:\"MSKB\", value:\"2817305\");\n script_xref(name:\"MSKB\", value:\"2817315\");\n script_xref(name:\"MSKB\", value:\"2817393\");\n script_xref(name:\"MSKB\", value:\"2817372\");\n script_xref(name:\"MSKB\", value:\"2810067\");\n script_xref(name:\"MSKB\", value:\"2760420\");\n script_xref(name:\"MSKB\", value:\"2810061\");\n script_xref(name:\"MSKB\", value:\"2760595\");\n script_xref(name:\"MSKB\", value:\"2760589\");\n script_xref(name:\"MSKB\", value:\"2553408\");\n script_xref(name:\"MSKB\", value:\"2760755\");\n script_xref(name:\"MSKB\", value:\"2760594\");\n script_xref(name:\"MSKB\", value:\"2817384\");\n script_xref(name:\"IAVA\", value:\"2013-A-0174\");\n\n script_name(english:\"MS13-067: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)\");\n script_summary(english:\"Checks SharePoint / Office Web Apps version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of Office SharePoint Server, SharePoint Server, Windows\nSharePoint Services, SharePoint Foundation, or Office Web Apps\ninstalled on the remote host are affected by multiple vulnerabilities :\n\n - A denial of service vulnerability exits that could cause\n the W3WP process to stop responding. (CVE-2013-0081)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Office Services and Web Apps parse content in\n specially crafted files. (CVE-2013-1315)\n\n - A remote code execution vulnerability exists in the way\n SharePoint Server handles unassigned workflows.\n (CVE-2013-1330)\n\n - An unspecified cross-site scripting vulnerability\n exists. (CVE-2013-3179)\n\n - An unspecified POST cross-site scripting vulnerability\n exists. (CVE-2013-3180)\n\n - Multiple memory corruption vulnerabilities exist in the\n way that Microsoft Office software parses specially\n crafted files. (CVE-2013-2847, CVE-2013-3848,\n CVE-2013-3849, CVE-2013-3857, CVE-2013-3858)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/528546/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-067\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for SharePoint Server 2007,\nSharePoint Server 2010, SharePoint Foundation 2010, SharePoint Server\n2013, SharePoint Foundation 2013, and Office Web Apps 2010.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"office_installed.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_sharepoint_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nfunction get_ver()\n{\n local_var fh, path, rc, share, ver;\n\n path = _FCT_ANON_ARGS[0];\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n ver = NULL;\n path = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:'\\\\1\\\\');\n\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n ver = join(ver, sep:\".\");\n CloseFile(handle:fh);\n }\n\n NetUseDel(close:FALSE);\n\n return ver;\n}\n\nfunction check_vuln(fix, kb, name, path, ver)\n{\n local_var info;\n\n if (isnull(ver))\n ver = get_ver(path);\n\n if (isnull(ver) || ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n return 0;\n\n info =\n '\\n Product : ' + name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n\n vuln = TRUE;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS13-067\";\nkbs = make_list(\n 2810083, 2817305, 2817315, 2817393,\n 2817372, 2810067, 2760420, 2810061,\n 2760595, 2760589, 2553408,\n 2760755, 2760594, 2817384\n);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Connect to the registry.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Get the path information for SharePoint Server 2007\nsps_2007_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\12.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Server 2010.\nsps_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\InstallPath\"\n);\n\n# Get the path information for SharePoint Server 2013\nsps_2013_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\15.0\\InstallPath\"\n);\n\n# Get path information for SharePoint Services 2.0\nsps_20_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\6.0\\Location\"\n);\n\n# Get the path information for SharePoint Service 3.0\nsps_30_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\12.0\\Location\"\n);\n\n# Check if KB2553408 is installed\nkb2553408 = FALSE;\nres = get_reg_name_value_table(handle:hklm, key:\"SOFTWARE\\Classes\\Installer\\Products\\00004109880100000100000000F01FEC\\Patches\");\nforeach item (res)\n{\n if ('9010880000100014.0.7015.1000;:#9010880000100014.0.7015.1000' >< item ||\n '9010880000100014.0.6029.1000;:#9010880000100014.0.6029.1000' >< item)\n kb2553408 = TRUE;\n}\n\n# Get path information for SharePoint Foundation 2010.\nspf_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Shared Tools\\Web Server Extensions\\14.0\\Location\"\n);\n\n# Close connection to registry.\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\n# Get path information for Common Files.\ncommonprogramfiles = hotfix_get_commonfilesdir();\nif (!commonprogramfiles) audit(AUDIT_PATH_NOT_DETERMINED, 'Common Files');\n\n# Get path information for Office Web Apps.\nowa_2010_path = sps_2010_path;\n\n######################################################################\n# SharePoint Services 2.0\n#\n# [KB2810061] onetutil.dll - 11.0.8402.0\n######################################################################\nif (sps_20_path)\n{\n name = \"Office SharePoint Services 2.0\";\n\n check_vuln(\n name : \"SharePoint Services 2.0\",\n kb : \"2810061\",\n path : sps_20_path + \"\\ISAPI\\OWSSVR.DLL\",\n fix : \"11.0.8402.0\"\n );\n}\n\n######################################################################\n# SharePoint Server 2007 SP3\n#\n# [KB2760589] xlsrv.dll - 12.0.6676.5000\n# [KB2760420] owssvr.dll - 12.0.6676.5000\n######################################################################\nif (sps_2007_path)\n{\n name = \"Office SharePoint Server 2007\";\n\n check_vuln(\n name : name,\n kb : \"2760589\",\n path : sps_2007_path + \"Bin\\xlsrv.dll\",\n fix : \"12.0.6676.5000\"\n );\n\n if (sps_30_path)\n {\n check_vuln(\n name : name,\n kb : \"2760420\",\n path : sps_30_path + \"\\ISAPI\\OWSSVR.DLL\",\n fix : \"12.0.6676.5000\"\n );\n }\n}\n\n######################################################################\n# SharePoint Foundation 2010 SP1 / SP2\n#\n# [KB2810067] Onetutil.dll: 14.0.7105.5000\n######################################################################\nif (spf_2010_path)\n{\n path = spf_2010_path + \"Bin\\Onetutil.dll\";\n ver = get_ver(path);\n\n if (ver && ver =~ \"^14\\.\")\n {\n check_vuln(\n name : \"SharePoint Foundation 2010\",\n kb : \"2810067\",\n path : path,\n ver : ver,\n fix : \"14.0.7105.5000\"\n );\n }\n}\n\n######################################################################\n# SharePoint Server 2010 SP1 / SP2\n#\n# [KB2817393] - MSSCPI.dll: 14.0.7105.5000\n# [KB2817372] - SVRSETUP.dll: 14.0.7106.5000\n# [KB2760595] - xlsrv.dll: 14.0.7104.5000\n# [KB2760755] - wdsrvworker.dll: 14.0.6112.5000\n######################################################################\nif (sps_2010_path)\n{\n name = \"Office SharePoint Server 2010\";\n\n check_vuln(\n name : name,\n kb : \"2817393\",\n path : sps_2010_path + \"Bin\\MSSCPI.dll\",\n fix : \"14.0.7105.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2817372\",\n path : commonprogramfiles + \"\\Microsoft Shared\\SERVER14\\Server Setup Controller\\SVRSETUP.DLL\",\n fix : \"14.0.7106.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2760595\",\n path : sps_2010_path + \"Bin\\xlsrv.dll\",\n fix : \"14.0.7104.5000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2760755\",\n path : sps_2010_path + \"WebServices\\WordServer\\Core\\wdsrvworker.dll\",\n fix : \"14.0.6112.5000\"\n );\n\n sps2010edition = get_kb_item(\"SMB/Microsoft SharePoint/14.0/Edition\");\n if (!kb2553408 && (!empty_or_null(sps2010edition) && 'Foundation' >!< sps2010edition))\n {\n hotfix_add_report(' According to the registry, KB2553408 is missing.\\n', bulletin:bulletin, kb:'2553408');\n vuln++;\n }\n}\n\n######################################################################\n# SharePoint Foundation 2013\n#\n# [KB2817315] Onetutil.dll: 15.0.4535.1000\n######################################################################\nif (spf_2013_path)\n{\n path = spf_2013_path + \"Bin\\Onetutil.dll\";\n ver = get_ver(path);\n\n if (ver && ver =~ \"^15\\.\")\n {\n check_vuln(\n name : \"SharePoint Foundation 2013\",\n kb : \"2817315\",\n path : path,\n ver : ver,\n fix : \"15.0.4535.1000\"\n );\n }\n}\n\n######################################################################\n# SharePoint Server 2013\n#\n# [KB2810083] - MSSCPI.dll: 14.0.7105.5000\n# [KB2817305] - sword.dlla: 15.0.4535.1000\n######################################################################\nif (sps_2013_path)\n{\n name = \"Office SharePoint Server 2013\";\n\n check_vuln(\n name : name,\n kb : \"2810083\",\n path : sps_2013_path + \"Bin\\MSSCPI.dll\",\n fix : \"15.0.4535.1000\"\n );\n\n check_vuln(\n name : name,\n kb : \"2817305\",\n path : sps_2013_path + \"\\WebServices\\ConversionServices\\sword.dll\",\n fix : \"15.0.4525.1000\"\n );\n}\n\n######################################################################\n# Office Web Apps 2010 SP1 / SP2\n#\n# [KB2760594] xlsrv.dll: 14.0.7104.5000\n# [KB2817384] sword.dll: 14.0.7106.5001\n######################################################################\nif (owa_2010_path)\n{\n check_vuln(\n name : \"Office Web Apps 2010\",\n kb : \"2760594\",\n path : owa_2010_path + \"Bin\\xlsrv.dll\",\n fix : \"14.0.7104.5000\"\n );\n\n check_vuln(\n name : \"Office Web Apps 2010\",\n kb : \"2817384\",\n path : owa_2010_path + \"WebServices\\ConversionService\\Bin\\Converter\\sword.dll\",\n fix : \"14.0.7106.5001\"\n );\n}\n\n\nif (vuln)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-19T14:51:54", "description": "The remote Windows host is running a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, or Microsoft Word Viewer that is affected by the following remote code execution vulnerabilities :\n\n - A remote code execution vulnerability exists due to the way the XML parser used by Word resolves external entities. (CVE-2013-3160)\n\n - Remote code execution vulnerabilities exist due to memory corruption issues in the way that Microsoft Office parses files.\n (CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858)\n\nIf an attacker can trick a user on the affected host into opening a specially crafted file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "nessus", "title": "MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3160", "CVE-2013-3847", "CVE-2013-3848", "CVE-2013-3849", "CVE-2013-3850", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3853", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3857", "CVE-2013-3858"], "modified": "2023-02-16T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS13-072.NASL", "href": "https://www.tenable.com/plugins/nessus/69832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69832);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/16\");\n\n script_cve_id(\n \"CVE-2013-3160\",\n \"CVE-2013-3847\",\n \"CVE-2013-3848\",\n \"CVE-2013-3849\",\n \"CVE-2013-3850\",\n \"CVE-2013-3851\",\n \"CVE-2013-3852\",\n \"CVE-2013-3853\",\n \"CVE-2013-3854\",\n \"CVE-2013-3855\",\n \"CVE-2013-3856\",\n \"CVE-2013-3857\",\n \"CVE-2013-3858\"\n );\n script_bugtraq_id(\n 62162,\n 62165,\n 62168,\n 62169,\n 62170,\n 62171,\n 62216,\n 62217,\n 62220,\n 62222,\n 62223,\n 62224,\n 62226\n );\n script_xref(name:\"MSFT\", value:\"MS13-072\");\n script_xref(name:\"MSKB\", value:\"2597973\");\n script_xref(name:\"MSKB\", value:\"2760411\");\n script_xref(name:\"MSKB\", value:\"2760769\");\n script_xref(name:\"MSKB\", value:\"2760823\");\n script_xref(name:\"MSKB\", value:\"2767773\");\n script_xref(name:\"MSKB\", value:\"2767913\");\n script_xref(name:\"MSKB\", value:\"2817474\");\n script_xref(name:\"MSKB\", value:\"2817682\");\n script_xref(name:\"MSKB\", value:\"2817683\");\n script_xref(name:\"MSKB\", value:\"2845537\");\n script_xref(name:\"IAVA\", value:\"2013-A-0178-S\");\n\n script_name(english:\"MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office component installed on the remote host is affected\nby multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Office,\nMicrosoft Word, Office Compatibility Pack, or Microsoft Word Viewer that\nis affected by the following remote code execution vulnerabilities :\n\n - A remote code execution vulnerability exists due to the\n way the XML parser used by Word resolves external\n entities. (CVE-2013-3160)\n\n - Remote code execution vulnerabilities exist due to\n memory corruption issues in the way that Microsoft\n Office parses files.\n (CVE-2013-3847, CVE-2013-3848, CVE-2013-3849,\n CVE-2013-3850, CVE-2013-3851, CVE-2013-3852,\n CVE-2013-3853, CVE-2013-3854, CVE-2013-3855,\n CVE-2013-3856, CVE-2013-3857, CVE-2013-3858)\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted file, it may be possible to leverage these issues to\nread arbitrary files on the target system or execute arbitrary code,\nsubject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-072\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2003, 2007, 2010,\nOffice Compatibility Pack, and Microsoft Word Viewer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2023 Tenable Network Security, Inc.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS13-072';\nkbs = make_list(\n 2597973,\n 2760411,\n 2760769,\n 2760823,\n 2767773,\n 2767913,\n 2817474,\n 2817682,\n 2817683,\n 2845537\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\n# Word\nkb = \"\";\ninstalls = get_kb_list(\"SMB/Office/Word/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/Word/' - '/ProductPath';\n path = installs[install];\n info = \"\";\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Word 2010\n if (\n ver[0] == 14 && ver[1] == 0 &&\n (\n ver[2] < 7106 ||\n (ver[2] == 7106 && ver[3] < 5001)\n )\n )\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && (office_sp == 1 || office_sp == 2))\n {\n info =\n '\\n Product : Word 2010' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7106.5001' + '\\n';\n kb = \"2760769\";\n }\n }\n\n # Word 2007\n if (\n ver[0] == 12 && ver[1] == 0 &&\n (\n ver[2] < 6683 ||\n (ver[2] == 6683 && ver[3] < 5001)\n )\n )\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n info =\n '\\n Product : Word 2007' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6683.5001' + '\\n';\n kb = \"2767773\";\n }\n }\n\n # Word 2003\n if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8406)\n {\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n info =\n '\\n Product : Word 2003' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.0.8406.0' + '\\n';\n kb = \"2817682\";\n }\n }\n\n if (info)\n {\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n vuln = TRUE;\n }\n }\n}\n\n# Word Viewer\ninstalls = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n info = \"\";\n version = install - 'SMB/Office/WordViewer/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8406)\n {\n info =\n '\\n Product : Word Viewer' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.0.8406.0' + '\\n';\n kb = \"2817683\";\n }\n\n if (info)\n {\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n vuln = TRUE;\n break;\n }\n }\n}\n\n# Ensure Office is installed\noffice_vers = hotfix_check_office_version();\nif (!isnull(office_vers))\n{\n # Ensure we can get common files directory\n commonfiles = hotfix_get_officecommonfilesdir(officever:\"11.0\");\n if (commonfiles)\n {\n # Ensure share is accessible\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:commonfiles);\n if (is_accessible_share(share:share))\n {\n # Office 2003 SP3\n if (office_vers[\"11.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = commonfiles + \"\\Microsoft Shared\\Office11\";\n old_report = hotfix_get_report();\n check_file = \"Mso.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"11.0.8405\", min_version:\"11.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2003' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.0.8405' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2817474\");\n vuln = TRUE;\n }\n }\n }\n\n # Office 2007 SP3\n if (office_vers[\"12.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = commonfiles + \"\\Microsoft Shared\\Office12\";\n old_report = hotfix_get_report();\n check_file = \"Msptls.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"12.0.6682.5000\", min_version:\"12.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2007 SP3' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6682.5000' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2597973\");\n vuln = TRUE;\n }\n }\n }\n\n # Office 2007 SP3\n if (office_vers[\"12.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = commonfiles + \"\\Microsoft Shared\\Office12\";\n old_report = hotfix_get_report();\n check_file = \"Mso.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"12.0.6683.5000\", min_version:\"12.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2007 SP3' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6683.5000' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2760411\");\n vuln = TRUE;\n }\n }\n }\n\n # Office 2010\n if (office_vers[\"14.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && (office_sp == 1 || office_sp == 2))\n {\n path = get_kb_item(\"SMB/Office/Word/14.0/Path\");\n if (path)\n {\n old_report = hotfix_get_report();\n check_file = \"Wwlib.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"14.0.7106.5001\", min_version:\"14.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2010' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7106.5001' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2767913\");\n vuln = TRUE;\n }\n }\n }\n }\n }\n }\n}\n\nversion = '';\ninstalls = get_kb_list(\"SMB/Office/WordCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/WordCnv/' - '/ProductPath';\n path = installs[install];\n\n if (path)\n {\n share = hotfix_path2share(path:path);\n if (!is_accessible_share(share:share))\n audit(AUDIT_SHARE_FAIL, share);\n\n path = path - '\\\\Wordconv.exe';\n\n old_report = hotfix_get_report();\n check_file = \"wordcnv.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"12.0.6683.5001\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n kb_name = ereg_replace(pattern:\"//\"+check_file, replace:\"/\"+check_file, string:kb_name);\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6683.5001' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2760823\");\n vuln = TRUE;\n }\n }\n }\n}\nif (!version)\n{\n # Additional check if registry key is missing\n path = hotfix_get_officecommonfilesdir(officever:\"12.0\") + \"\\Microsoft Office\\Office12\";\n\n kb = \"2760823\";\n if (\n hotfix_is_vulnerable(file:\"wordcnv.dll\", version:\"12.0.6683.5001\", min_version:\"12.0.0.0\", path:path, bulletin:bulletin, kb:kb)\n ) vuln = TRUE;\n}\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:53:23", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310903403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903403", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903403\");\n script_version(\"2020-06-09T08:59:39+0000\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 08:59:39 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 17:10:50 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-072.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to error exists when processing XML data and some\n unspecified errors.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word Viewer 2003.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute the arbitrary\n code, cause memory corruption and compromise the system.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2817683\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nwordviewVer = get_kb_item(\"SMB/Office/WordView/Version\");\n\nif(wordviewVer && wordviewVer =~\"^11.*\")\n{\n if(version_in_range(version:wordviewVer, test_version:\"11.0\", test_version2:\"11.0.8405\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:14", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2017-05-09T00:00:00", "id": "OPENVAS:903404", "href": "http://plugins.openvas.org/nasl.php?oid=903404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_compat_pack_ms13-072.nasl 6086 2017-05-09 09:03:30Z teissa $\n#\n# MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(903404);\n script_version(\"$Revision: 6086 $\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-09 11:03:30 +0200 (Tue, 09 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 17:22:16 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws are due to error exists when processing XML data and some\nunspecified errors.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to execute the arbitrary\ncode, cause memory corruption and compromise the system.\n\nImpact Level: System/Application \";\n\n tag_affected =\n\"Compatibility Pack for Microsoft Office 2007 file formats\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-072\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54737\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760823\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordCnv/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variable Initailization\nwordcnvVer = \"\";\npath = \"\";\nsysVer = \"\";\n\n# Check for Office Word Version 2007 with compatibility pack\nwordcnvVer = get_kb_item(\"SMB/Office/WordCnv/Version\");\nif(wordcnvVer && wordcnvVer =~ \"^12.*\")\n{\n # Office Word Converter\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\n if(path)\n {\n sysVer = fetch_file_version(sysPath:path + \"\\Microsoft Office\\Office12\", file_name:\"Wordcnv.dll\");\n\n if(sysVer)\n {\n # Check for Word Converter 2007 version 12.0 < 12.0.6683.5001\n if(version_in_range(version:sysVer, test_version:\"12.0\", test_version2:\"12.0.6683.5000\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:19", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2017-05-11T00:00:00", "id": "OPENVAS:903403", "href": "http://plugins.openvas.org/nasl.php?oid=903403", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_wordview_ms13-072.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(903403);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 17:10:50 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (2845537)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws are due to error exists when processing XML data and some\nunspecified errors.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to execute the arbitrary\ncode, cause memory corruption and compromise the system.\n\nImpact Level: System/Application \";\n\n tag_affected =\n\"Microsoft Word Viewer 2003 \";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-072\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54737\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2817683\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n exit(0);\n}\n\n\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initailization\nwordviewVer = \"\";\n\nwordviewVer = get_kb_item(\"SMB/Office/WordView/Version\");\n\n# Check for Word Viewer 11.0 < 11.0.8406\nif(wordviewVer && wordviewVer =~\"^11.*\")\n{\n if(version_in_range(version:wordviewVer, test_version:\"11.0\", test_version2:\"11.0.8405\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:59", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2017-05-11T00:00:00", "id": "OPENVAS:903402", "href": "http://plugins.openvas.org/nasl.php?oid=903402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_winword_ms13-072.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(903402);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 16:55:20 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws are due to error exists when processing XML data and some\nunspecified errors.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to execute the arbitrary\ncode, cause memory corruption and compromise the system.\n\nImpact Level: System/Application \";\n\n tag_affected =\n\"Microsoft Word 2003 Service Pack 3 and prior\nMicrosoft Word 2007 Service Pack 3 and prior\nMicrosoft Word 2010 Service Pack 2 and prior.\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-072\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54737\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2817682\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2767773\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760769\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n exit(0);\n}\n\n\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\n## variable Initialization\nwinwordVer = \"\";\n\nwinwordVer = get_kb_item(\"SMB/Office/Word/Version\");\n\n## Microsoft Office Word 2003/2007/2010\nif(winwordVer && winwordVer =~ \"^(11|12|14).*\")\n{\n ## Grep for version Winword.exe 11 < 11.0.8406 < 12.0.6683.5001, 14 < 14.0.7106.5001\n ## Wwlibcxm.dll file not found on office 2010, as of now its not considered\n if(version_in_range(version:winwordVer, test_version:\"11.0\", test_version2:\"11.0.8405\") ||\n version_in_range(version:winwordVer, test_version:\"12.0\", test_version2:\"12.0.6683.5000\") ||\n version_in_range(version:winwordVer, test_version:\"14.0\", test_version2:\"14.0.7106.5000\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:00", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2017-05-05T00:00:00", "id": "OPENVAS:903401", "href": "http://plugins.openvas.org/nasl.php?oid=903401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-072.nasl 6074 2017-05-05 09:03:14Z teissa $\n#\n# Microsoft Office Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(903401);\n script_version(\"$Revision: 6074 $\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-05 11:03:14 +0200 (Fri, 05 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 16:10:36 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities (2845537)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-072.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws are due to error exists when processing XML data and some\nunspecified errors.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to execute the arbitrary\ncode, cause memory corruption and compromise the system.\n\nImpact Level: System/Application \";\n\n tag_affected =\n\"Microsoft Office 2003 Service Pack 3 and prior\nMicrosoft Office 2007 Service Pack 3 and prior\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-072\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54737\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2817474\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760411\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2767913\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_office_detection_900025.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\", \"MS/Office/InstallPath\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nexeVer = \"\";\nInsPath = \"\";\noffsubver = \"\";\n\n## MS Office 2003, 2007\nif(!(get_kb_item(\"MS/Office/Ver\") =~ \"^(11|12).*\")){\n exit(0);\n}\n\nInsPath = get_kb_item(\"MS/Office/InstallPath\");\nif(InsPath && \"Could not find the install Location\" >!< InsPath)\n{\n foreach offsubver (make_list(\"Office11\", \"Office12\"))\n {\n ## Get Version from mso.dll file version\n exeVer = fetch_file_version(sysPath:InsPath + offsubver, file_name:\"mso.dll\");\n if(exeVer)\n {\n ## Check for mso.dll version\n if(version_in_range(version:exeVer, test_version:\"11.0\", test_version2:\"11.0.8404\") ||\n version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6683.4999\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:13", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2019-05-21T00:00:00", "id": "OPENVAS:1361412562310903404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903404", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903404\");\n script_version(\"2019-05-21T06:50:08+0000\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-21 06:50:08 +0000 (Tue, 21 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 17:22:16 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2845537)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-072.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to error exists when processing XML data and some\n unspecified errors.\");\n\n script_tag(name:\"affected\", value:\"Compatibility Pack for Microsoft Office 2007 file formats\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute the arbitrary\n code, cause memory corruption and compromise the system.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54737\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760823\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/Office/WordCnv/Version\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nwordcnvVer = get_kb_item(\"SMB/Office/WordCnv/Version\");\nif(wordcnvVer && wordcnvVer =~ \"^12\\.\")\n{\n # Office Word Converter\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\n if(path)\n {\n sysVer = fetch_file_version(sysPath:path + \"\\Microsoft Office\\Office12\", file_name:\"Wordcnv.dll\");\n\n if(sysVer)\n {\n if(version_in_range(version:sysVer, test_version:\"12.0\", test_version2:\"12.0.6683.5000\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T14:02:25", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310903402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903402", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903402\");\n script_version(\"2019-12-20T12:48:41+0000\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:48:41 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 16:55:20 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Word Remote Code Execution Vulnerabilities (2845537)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-072.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to error exists when processing XML data and some\n unspecified errors.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Word 2003 Service Pack 3 and prior\n\n - Microsoft Word 2007 Service Pack 3 and prior\n\n - Microsoft Word 2010 Service Pack 2 and prior\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute the arbitrary\n code, cause memory corruption and compromise the system.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2817682\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2767773\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760769\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n\n exit(0);\n}\n\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nwinwordVer = get_kb_item(\"SMB/Office/Word/Version\");\n\n## Microsoft Office Word 2003/2007/2010\nif(winwordVer && winwordVer =~ \"^1[124]\\.\")\n{\n ## Wwlibcxm.dll file not found on office 2010, as of now its not considered\n if(version_in_range(version:winwordVer, test_version:\"11.0\", test_version2:\"11.0.8405\") ||\n version_in_range(version:winwordVer, test_version:\"12.0\", test_version2:\"12.0.6683.5000\") ||\n version_in_range(version:winwordVer, test_version:\"14.0\", test_version2:\"14.0.7106.5000\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T14:03:09", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-072.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities (2845537)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3854", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310903401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Remote Code Execution Vulnerabilities (2845537)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903401\");\n script_version(\"2019-12-20T12:48:41+0000\");\n script_cve_id(\"CVE-2013-3160\", \"CVE-2013-3847\", \"CVE-2013-3848\", \"CVE-2013-3849\",\n \"CVE-2013-3850\", \"CVE-2013-3851\", \"CVE-2013-3852\", \"CVE-2013-3853\",\n \"CVE-2013-3854\", \"CVE-2013-3855\", \"CVE-2013-3856\", \"CVE-2013-3857\",\n \"CVE-2013-3858\");\n script_bugtraq_id(62162, 62165, 62168, 62169, 62170, 62171, 62216, 62217, 62220,\n 62222, 62223, 62224, 62226);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:48:41 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 16:10:36 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities (2845537)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-072.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to error exists when processing XML data and some\n unspecified errors.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Office 2003 Service Pack 3 and prior\n\n - Microsoft Office 2007 Service Pack 3 and prior\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute the arbitrary\n code, cause memory corruption and compromise the system.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2817474\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760411\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2767913\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-072\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_office_detection_900025.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Office/Ver\", \"MS/Office/InstallPath\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\n## MS Office 2003, 2007\nif(!officeVer || officeVer !~ \"^1[12]\\.\"){\n exit(0);\n}\n\nInsPath = get_kb_item(\"MS/Office/InstallPath\");\nif(InsPath && \"Could not find the install Location\" >!< InsPath)\n{\n foreach offsubver (make_list(\"Office11\", \"Office12\"))\n {\n exeVer = fetch_file_version(sysPath:InsPath + offsubver, file_name:\"mso.dll\");\n if(exeVer)\n {\n if(version_in_range(version:exeVer, test_version:\"11.0\", test_version2:\"11.0.8404\") ||\n version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6683.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:40:42", "description": "BUGTRAQ ID: 62226\r\nCVE(CAN) ID: CVE-2013-3858\r\n\r\nMicrosoft Word \u5c5e\u4e8e\u529e\u516c\u8f6f\u4ef6\u662f\u5fae\u8f6f\u516c\u53f8\u7684\u4e00\u4e2a\u6587\u5b57\u5904\u7406\u5668\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u53d7\u5f71\u54cd\u7684 Microsoft Office \u8f6f\u4ef6\u5206\u6790\u7279\u5236\u6587\u4ef6\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u968f\u540e\u5b89\u88c5\u7a0b\u5e8f\uff1b\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff1b\u6216\u8005\u521b\u5efa\u62e5\u6709\u5b8c\u5168\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002\r\n0\r\nMicrosoft Office 2010\r\nMicrosoft Office 2007\r\nMicrosoft Office 2003\r\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5b89\u88c5\u548c\u914d\u7f6e MOICE \u4ee5 \u6210\u4e3a .doc \u6587\u4ef6\u7684\u6ce8\u518c\u5904\u7406\u7a0b\u5e8f\r\n* \u4f7f\u7528 Microsoft Office \u6587\u4ef6\u963b\u6b62\u7b56\u7565\u7981\u6b62\u6253\u5f00 .doc \u548c .dot \u4e8c\u8fdb\u5236\u6587\u4ef6\r\n* \u4e0d\u8981\u6253\u5f00\u4ece\u4e0d\u53d7\u4fe1\u4efb\u6765\u6e90\u6216\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u6536\u5230\u7684 Office \u6587\u4ef6\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS13-072\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS13-072\uff1aVulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)\r\n\u94fe\u63a5\uff1ahttp://technet.microsoft.com/security/bulletin/MS13-072", "published": "2013-09-13T00:00:00", "title": "Microsoft Word\u8fdc\u7a0b\u5185\u5b58\u7834\u574f\u6f0f\u6d1e(CVE-2013-3858)(MS13-072)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-3858"], "modified": "2013-09-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61001", "id": "SSV:61001", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "checkpoint_advisories": [{"lastseen": "2022-11-28T07:03:18", "description": "A remote code execution vulnerability has been reported in Microsoft Word.", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Word Memory Corruption (MS13-072: CVE-2013-3848)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-3848"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-2929", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2013-3849
