Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2023 Tenable Network Security, Inc.MACOSX_MS07-044.NASL
HistoryOct 20, 2010 - 12:00 a.m.

MS07-043 / MS07-044: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (921503 / 940965) (Mac OS X)

2010-10-2000:00:00
This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.
www.tenable.com
8

7.2 High

AI Score

Confidence

Low

JSON

The remote Mac OS X host is running a version of Microsoft Office 2004 for Mac that is affected by several vulnerabilities.

If an attacker can trick a user on the affected host into opening a specially crafted Office file or viewing a specially crafted web page, these issues could be leveraged to execute arbitrary code subject to the user’s privileges.

#TRUSTED 90a40bd3071ee1a55df480067947448a2a86859bd7bb3c3650fbc279110f8f2869451ea03608e9b5de02dce9aafac87d29ef1d04272340ad904a25a59075663b938a24d454a3625f842590add5eca461d05eeebd5d4d282d8da3b3475eecd5d6b939eef38526e4573f9ad16ddc16c2972590e0b6cc310a301946dee3c104e7616a7fe916013ed936abe44ed6411d2182eaa77a9bb83cd0cb18ab5726937577014df05db54f5369c57828bc55e359e30ebceac5bb9b67862fec733d83534e38f3267820a7061a707911f9ee81ff60ae170b7c4272b2b1429ff45f5eebebff13651f1db769339ff65c6f20b21b03689a7d22c785cf71258a08463b89db6958204a1a54a7cd06cd0c329fcdd1eb1dcd4dcd429419b193e223a6a252a7ddb55c95b7d942204ed14a5b507656b6068ad50c6747f2bb2c9304b5df2e072244c6908fbf213d25406ad3fa09b646a926b6828fc3769b83a1a66a49093686f451faef198b2002d438e040f8fb723cabde5d20404f5b7d0ff5b04dd599d114098da129843b30aa5d51a53e45c867747ec22370489e1f619694c163c9f439de0b3ce338a2ec9b240f430c4fb8b468f5ab14b04fe64d04d5c07a0bcfd83833ec9ec50f33a606220085c0be996e8b4b66d64ed68310f64d4d740150e1ffce49f5d57881757d7eb2a2035cb8e6afdf20e1ebc3850fb116791942b713f9b964b19d8f5a4c1c0ba8
#TRUST-RSA-SHA256 4ea2f59636f27837dc84516dc5bbb964971b5ff93bef16393194cfe65a9b04a5ed37dbda57914914ee619d7f8383a2578a660163ca7f5dbdde37478158d993fd6bed236ab33853953457293dbd89a571c044c51c2c37076c01bc1984fc68d8f8b2808511fe5974535ee11d5c1dc1682e697e8a3c110ae33dd2e80ffcd2e06a319cc33b21d27a62d2be869b6efe0994643f66ec50e6cd140df36127fb7e9181d980cb1055bfbe64bcb6a6f560b832cf7b18153e45fbccd8ed6396642fb8a41e689807fc146d2480b15c33fb1951773d8c25005aa3b4fb0faf7f5c75dea6e4240019c2515264510a2dc8d8cd67aee43c050b1a78e3a64636741d2af585ae048867f91e9b8a4a367b0ac61b4a3ef3df4b4766e3ce7ba8980914693024b14664dad60cd8813c3bd18ee96d9a07744cb911f498a3c7d52386983ef3599eb8be2253929813e67e6963d6fc6a1efc8e96e9162be5616da56654946c9c346a7ccca0ccd8dfbc9be562d2f528d16a05d39424877de86f427396d251319a59c62d047e3ff2b9ebfd6d46a3ad1e7806d04edc5e89db4b16fddf3c7fbe07bf5c3341dd225c568ff41471692a3779d7a7f394ac517b18ea56af67993743ac00651f31f4bc2b0ef5659b58467d791831f082af64c77354e0d74c9f773bc1db2b6487269ac3849ca07cb05ea58f022d3411a04e676fa3940f982314dcb9e7bbd62ed7fb03eac7db
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(50053);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id("CVE-2007-2224", "CVE-2007-3890");
  script_bugtraq_id(25280, 25282);
  script_xref(name:"MSFT", value:"MS07-043");
  script_xref(name:"MSFT", value:"MS07-044");
  script_xref(name:"MSKB", value:"921503");
  script_xref(name:"MSKB", value:"940965");

  script_name(english:"MS07-043 / MS07-044: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (921503 / 940965) (Mac OS X)");
  script_summary(english:"Check version of Microsoft Office");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Microsoft Office 2004
for Mac that is affected by several vulnerabilities.

If an attacker can trick a user on the affected host into opening a
specially crafted Office file or viewing a specially crafted web page,
these issues could be leveraged to execute arbitrary code subject to
the user's privileges.");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-043");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-044");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Office 2004 for Mac.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-3890");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119,189);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

function exec(cmd)
{
  local_var buf, ret;

  if (islocalhost())
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(0, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
if (!egrep(pattern:"Darwin.*", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system.");


# Gather version info.
info = '';
installs = make_array();

prod = 'Office 2004 for Mac';
cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");
version = exec(cmd:cmd);
if (version && version =~ "^[0-9]+\.")
{
  version = chomp(version);
  if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");

  installs[prod] = version;

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  fixed_version = '11.3.7';
  fix = split(fixed_version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(fix); i++)
    fix[i] = int(fix[i]);

  for (i=0; i<max_index(fix); i++)
    if ((ver[i] < fix[i]))
    {
      info +=
        '\n  Product           : ' + prod +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fixed_version + '\n';
      break;
    }
    else if (ver[i] > fix[i])
      break;
}


# Report findings.
if (info)
{
  gs_opt = get_kb_item("global_settings/report_verbosity");
  if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);
  else security_hole(0);

  exit(0);
}
else
{
  if (max_index(keys(installs)) == 0) exit(0, "Office 2004 for Mac is not installed.");
  else
  {
    msg = 'The host has ';
    foreach prod (sort(keys(installs)))
      msg += prod + ' ' + installs[prod] + ' and ';
    msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));

    msg += ' installed and thus is not affected.';

    exit(0, msg);
  }
}
VendorProductVersionCPE
microsoftoffice2004cpe:/a:microsoft:office:2004::mac

Related

checkpoint_advisories 2
securityvulns 6
cve 2
nessus 2
prion 2
seebug 1
checkpoint_advisories
checkpoint_advisories
Microsoft OLE Automation String Manipulation Heap Overflow (MS07-043; CVE-2007-2224)
2010-02-08 00:00:00
Microsoft Excel Workspace Index Value Memory Corruption (MS07-044; CVE-2007-3890)
2007-08-16 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS07-043 - Critical Vulnerability in OLE Automation Could Allow Remote Code Execution &#40;921503&#41;
2007-08-14 00:00:00
Microsoft Windows OLE Automation memory corruption
2007-08-15 00:00:00
Microsoft Excel memory corruption
2007-08-14 00:00:00
cve
cve
CVE-2007-2224
2007-08-14 21:17:00
CVE-2007-3890
2007-08-14 21:17:00
nessus
nessus
MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
2007-08-14 00:00:00
MS07-044: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (940965)
2007-08-14 00:00:00
prion
prion
Integer overflow
2007-08-14 21:17:00
Memory corruption
2007-08-14 21:17:00
seebug
seebug
Microsoft Excel rtWnDesk记录内存破坏漏洞(MS07-044)
2007-08-17 00:00:00

7.2 High

AI Score

Confidence

Low

JSON
Related for MACOSX_MS07-044.NASL
checkpoint_advisories2securityvulns6cve2nessus2prion2seebug1