Search...

MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)

2010-10-20T00:00:00

ID MACOSX_MS08-026.NASL
Type nessus
Reporter Tenable
Modified 2018-07-14T00:00:00

Description

The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.

If an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.

                                        
                                            #TRUSTED 61ba59c4a751a3218c60c92e1cb09d2e25cc025ccf9061ef932f392be428138012afc41d98040f42a3c43c29e19dfc39c29f49ceb33474fd3a40904c2427efd909f202b1d97d77a52b4e5f900c55fe14776a2bb682ad59066923693d6347244d0df7d96a851ac6b803801664420f75c39a90b7c9c320589a812ce4f867813704b196b04cc1dd1e7dd011a06c26273590273a5df31420ccf5a8941da10eac6897ec9aff5d5000bfd86d1e41b4967bb3e5a2246f98811c6970a2bb6e557f0d42ba1b4a06066bd19d2fe71bbf54c72dd967c4c98d6740c5ecd5021da61eb65ed1c172893e7bae049d987087254ff5c837508664d54b95cb17185614c06749231c04c5aefd086a08adf3e616d0d1f444599c4c926d089e9a7ec4b8627b37e6cc6e3024883c6a8e4e2816450a997dcd2b585201f77519f07f79593eb7648056b2223115897a65f767deca679ca430552bbd7492d614421653d44cb51a2841dc40fb4ebf74672ea571054cfb840e91a5bca92c70e1818b007bfeb03f1466f921b93cfa5660031204a52c899eb2a157c1f110fba000f841bd24b64a5e3de8f4d853b429c9a8a56612dfcc7068ef2fa4dfccf64307112dd3c4dbc2d4b732fff57b5bde7bb539f14dd3ebd4270c834004f3db9b362adeca5a54ab4d899f3a5cb0477e085579ed857873ee32eff4963e15545327e8e3cb7b2939afa93314ea47541c5ce6e9
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(50057);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

  script_cve_id("CVE-2008-1091", "CVE-2008-1434");
  script_bugtraq_id(29104, 29105);
  script_xref(name:"MSFT", value:"MS08-026");
  script_xref(name:"MSKB", value:"952331");
  script_xref(name:"MSKB", value:"952332");
  script_xref(name:"MSKB", value:"951207");

  script_name(english:"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)");
  script_summary(english:"Check version of Microsoft Office");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host is running a version of Microsoft Office that
is affected by several vulnerabilities.

If an attacker can trick a user on the affected host into opening a
specially crafted Word file, these issues could be leveraged to
execute arbitrary code subject to the user's privileges.");
  script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms08-026");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Office 2004 for Mac and
Office 2008 for Mac.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/05/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2008::mac");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");

  exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() &gt;= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

function exec(cmd)
{
  local_var buf, ret;

  if (islocalhost())
    buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd));
  else
  {
    ret = ssh_open_connection();
    if (!ret) exit(1, "ssh_open_connection() failed.");
    buf = ssh_cmd(cmd:cmd);
    ssh_close_connection();
  }
  return buf;
}


packages = get_kb_item("Host/MacOSX/packages");
if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");

uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
if (!egrep(pattern:"Darwin.*", string:uname)) exit(1, "The host does not appear to be using the Darwin sub-system.");


# Gather version info.
info = '';
installs = make_array();

prod = 'Office 2008 for Mac';
plist = "/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist";
cmd =  'cat \'' + plist + '\' | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string&gt;\\(.*\\)&lt;\\/string&gt;.*/\\1/g\'';
version = exec(cmd:cmd);
if (version && version =~ "^[0-9]+\.")
{
  version = chomp(version);
  if (version !~ "^12\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");

  installs[prod] = version;

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i&lt;max_index(ver); i++)
    ver[i] = int(ver[i]);

  fixed_version = '12.1.0';
  fix = split(fixed_version, sep:'.', keep:FALSE);
  for (i=0; i&lt;max_index(fix); i++)
    fix[i] = int(fix[i]);

  for (i=0; i&lt;max_index(fix); i++)
    if ((ver[i] &lt; fix[i]))
    {
      info +=
        '\n  Product           : ' + prod +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fixed_version + '\n';
      break;
    }
    else if (ver[i] &gt; fix[i])
      break;
}

prod = 'Office 2004 for Mac';
cmd = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");
version = exec(cmd:cmd);
if (version && version =~ "^[0-9]+\.")
{
  version = chomp(version);
  if (version !~ "^11\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");

  installs[prod] = version;

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i&lt;max_index(ver); i++)
    ver[i] = int(ver[i]);

  fixed_version = '11.4.2';
  fix = split(fixed_version, sep:'.', keep:FALSE);
  for (i=0; i&lt;max_index(fix); i++)
    fix[i] = int(fix[i]);

  for (i=0; i&lt;max_index(fix); i++)
    if ((ver[i] &lt; fix[i]))
    {
      info +=
        '\n  Product           : ' + prod +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fixed_version + '\n';
      break;
    }
    else if (ver[i] &gt; fix[i])
      break;
}


# Report findings.
if (info)
{
  gs_opt = get_kb_item("global_settings/report_verbosity");
  if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);
  else security_hole(0);

  exit(0);
}
else
{
  if (max_index(keys(installs)) == 0) exit(0, "Office for Mac is not installed.");
  else
  {
    msg = 'The host has ';
    foreach prod (sort(keys(installs)))
      msg += prod + ' ' + installs[prod] + ' and ';
    msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));

    msg += ' installed and thus is not affected.';

    exit(0, msg);
  }
}

JSON Vulners Source

Initial Source

{"id": "MACOSX_MS08-026.NASL", "bulletinFamily": "scanner", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "published": "2010-10-20T00:00:00", "modified": "2018-07-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "reporter": "Tenable", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "type": "nessus", "lastseen": "2018-07-15T03:49:56", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 5, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "49a473e3951548419e309f6f013d963f4dfcccc043e8f2132af08007758a2fb4", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "269ea3eb06ea9e68e47418b7f3d65ec4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "e9c830745c456c693cb4b38700224dde", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "046998fc63fdd51b2f7466831c52ec1b", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-10-29T13:38:16", "modified": "2017-08-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 23be3c39fa7051a9457fb0b764b786d51978377001101909e25565b8eccacc65d8d0f0237fb0c5e2033334bd63513cb70760cfc8b6ae6b071813fb04f599e305e361f8a3d2fc4844db99bd2a3ea46926e7719df3beba69ba68520b21ed4390d54f33bb7825dc50c78b3e05e477a0a4976c3a858c83befc14acc8a3f5044729d8ed698cf4037f51ebb8420a51beb072985435eae5c1da75fca57ece67153d233c7493e51dc72f5994f72b8bbc30254c1beb8248dd9a4fed7185a96bc50e1dde32f3532377ff272e3f4cefb20f69532b997868ffd884cffd9652cd20a617b29d924ac9b5c14290bd5c5929f3ee98363f2a391e36bb5359c4315c5db6cdb4db6a0980b7e3c61631ce9c8371a97649c72700a8e6e94248e166dcbf25f6cf1464b000d978096ccd2ee97248df6f81f0aed23806811a13063364b1d85494e581e94c70c8b576caaafdbc2666a8038bd467e9c4fda9c6f281b65b9fedb3f39ba1e2575cc8392f142d1581393ffc5df35db34aa88e00923a5d2061bf6c538ce71fc93c9cda96cf40e605d9bf99243f9b648cf1bc438507fcc52446b04cbec9c1bbc36101d460506b7f1a93c384091d74f9946eef55702fc779c327461973bfc862e87ee39a53858490409903cf981e05fde665a0043be6453b1404a316972dcb4a6929ab6b490cba845431fb5422c659384020e862a4548f82b13cd7bd7e3270868f61e7\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2017-10-29T13:38:16"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 2, "hash": "cb051522a78eb3f048069839f9006d0dac4de5132d4e8fdf039d01c4df90fc9c", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "550cacb19f72750bc97a27d689e5d1ec", "key": "sourceData"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "e7c99ea8270f32c4596b63d798cb8592", "key": "modified"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-05-17T02:46:53", "modified": "2017-05-16T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 6df6659e9893b01153139e73649149d900120ad1d3ef7f6a1575ad064c6a99bbb2fc0970260e9e1d2cf93dfc6bc09f3e7e6531bcf2b0e3d1a0ac339567d933d49aa3892b6324945feddf6c6076cb5d3bbcea91a0c01ab931b50181e85b10519b705d247c582c5af3a3593b31ec3ed66a1ff90de4e5922bf0af85eae726a4dc8496414b1adcf4ff7ccf5a9338f448e1044e26cf2c264631c6cff2d6d7e80e12e85a1bd82832fcb067518d205517188b52e0c331522d00d37f7e18175bcf9d8a007e6240f4dad97f284bf38cd90a0b4c6f345f4b02a20276ceb26d6fa2e38af1108a1a722727ffb558222e1dbec238071beff7d3a5fcf5ca8e83afef7a287c0fbd900f89289c86d0a3c1fc050029345a80c3d3aed5f6eacacb12fc592effaf5dfa91f6d72cdb3e04120749524f354d6ea0bcabc93b86afe78d316947bac53482ce0e4edf7e2cc13835c1ce61018cc50c501fe0cb56cb7d0563da60ab57917ac04f65857c3b00d7ece1e65f8196033b0f8edbba8bc437955822c977489aa89fc9fad7470fc0888f49eb30bacd08c0aaf7a9daad9d71e5caab475a1febf436dba77209288fd35478219d6ed8e4af5faa7a8af6611b0b6f97988e0f78cb09be96e9b22d21c99c830ad447c95f719a32b24d619c15139fb578d3ab01afa264b3d877a45bdeab341eb7eec3fe82e717e0075e5d2fe35da1792192b1301dcc9f85f9cc74\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/05/16\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-05-17T02:46:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 4, "enchantments": {}, "hash": "a93f0abd035865ac19510b17e32a3eda859c71e801cd3cd6d304cb661119e276", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "269ea3eb06ea9e68e47418b7f3d65ec4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "046998fc63fdd51b2f7466831c52ec1b", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-08-31T16:32:38", "modified": "2017-08-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 23be3c39fa7051a9457fb0b764b786d51978377001101909e25565b8eccacc65d8d0f0237fb0c5e2033334bd63513cb70760cfc8b6ae6b071813fb04f599e305e361f8a3d2fc4844db99bd2a3ea46926e7719df3beba69ba68520b21ed4390d54f33bb7825dc50c78b3e05e477a0a4976c3a858c83befc14acc8a3f5044729d8ed698cf4037f51ebb8420a51beb072985435eae5c1da75fca57ece67153d233c7493e51dc72f5994f72b8bbc30254c1beb8248dd9a4fed7185a96bc50e1dde32f3532377ff272e3f4cefb20f69532b997868ffd884cffd9652cd20a617b29d924ac9b5c14290bd5c5929f3ee98363f2a391e36bb5359c4315c5db6cdb4db6a0980b7e3c61631ce9c8371a97649c72700a8e6e94248e166dcbf25f6cf1464b000d978096ccd2ee97248df6f81f0aed23806811a13063364b1d85494e581e94c70c8b576caaafdbc2666a8038bd467e9c4fda9c6f281b65b9fedb3f39ba1e2575cc8392f142d1581393ffc5df35db34aa88e00923a5d2061bf6c538ce71fc93c9cda96cf40e605d9bf99243f9b648cf1bc438507fcc52446b04cbec9c1bbc36101d460506b7f1a93c384091d74f9946eef55702fc779c327461973bfc862e87ee39a53858490409903cf981e05fde665a0043be6453b1404a316972dcb4a6929ab6b490cba845431fb5422c659384020e862a4548f82b13cd7bd7e3270868f61e7\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 4, "lastseen": "2017-08-31T16:32:38"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 1, "hash": "1379d8eeece9519ef0fbc47bc0a875335f55e53e3bc11c8d377bcd6966adc4cf", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6b744f6cc99eb0b6fa467773215c68fb", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "df1405597421559d5f19b318899ba0e7", "key": "sourceData"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2016-09-26T17:24:38", "modified": "2016-04-15T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 6c892c7c2fb2a819cb5bc6a1ba152b04efc257189e0d204f57ac67569d16f292992cbd38bca6aa8e23785713ffa3cc392c4c28e54a533effc5e4a0cc0b875a9e37699d0a66e2d959caeb57e572d39c3b3296db052abca3bb94c9caa9483c3e4034b563f0863fda3203be304c272cf3ff3b6dfad69c9e055ebd4487085348b3fdc535f272e305c327c13917539163893ccf6f1770ea29504c17a827af9f541a984b033c7fb396d896befee8117925bb12a0ad54296af54f8884d7f10ece4bd74fc79eef0bf99305f51e8af8d472de42c3e6c718200b11ad285c318dd0a0082100ca470c5862acc60636c135d57460f1edfde1fedd94c6cc77ff229f918c0f7e6466a9392bb51028f0d264c07425148465f0cc68d068d3c0843c585c701f51b841ebb36e2f4040f274c0a5d58ef7f7bd8f2cbb41942d63d6234ac6944185280d94a573116e7ab78271f9bf223c494a97bcf810187aa61d9e3d91b281d4751fe2378f6079d446584fd80c3b3b8b5ecea9697146f8f57900dd8c60e3dbba51d0153e8b02f1e25986d6e5cf3cdb67813b66382acd599a25e6800a87612e0a86f4794a26391ae8e61eb7d95613002aa05bdb8a75e1ae75c682b62e500c87ed68bf1713a8d45b0b117a4a37f86089a95dff652ad5a99f17afe748efd24a9c45c8201b750c8d739baa7b1b3800d9b3209f82e7a0d569434a97a894b7aa78dc16ab336f9b\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2016/04/15\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 3, "enchantments": {}, "hash": "bcff2ae94af2f6acafd38dc5c0829f2f8c4894187b6c0371199128fb50033d03", "hashmap": [{"hash": "41f97a76f973ea6187e66d642c92a7cb", "key": "sourceData"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "7de10b7dc12d70dd31267042740597fa", "key": "modified"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-05-30T23:38:16", "modified": "2017-05-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 829d2976a3b00c95b8218b6e907c8fbc7690e684ae8ab9ebce95c87e6791f35c7bfece29a89de617b2103506f6e79affbc45d744f93b2d8cdedfcc7323aec6bf1f827cb337f36e0eefb4087c59babef05122e9bbf0679ab4584cdc869ab3b1f3bba922d31ea6ddd64be42b422630a84552e14367579ffc8abd8cc432fad71eb130ee3747892864f30d1c9da50b3a05ebb1ce2c1f1d6d38d6608e7f7bc1dd2ada54d1b5350d8b4de9000d2e29f5f36567de21a604c0be44ae2b2344ef525cf297e2d573ae12cca148c1a89a986b52e868a4820cff0842da90bdbd00c365ac12bd12d9780d483d2faa8164959b2e507c8078774fbed4bc07bd3b967fcea847d010048bdab34399369d15dd08072bc7f7ad7454aa58fb225b97b44079f82a9c8c979a7a5bf84c690c21e7ff38790202f2f10ff4165732fe093bc477bca96f02fced023a3a7c77a0aa724141cd41065789db4a9e2979ead52925030b7834612fad2d427c9b55bf31de8ee68c9ef13bdfa7db4e9f322af494c3093e018dc84434fc898b6f991e0d0770f1de177861b8771fbfe5b730a7316ed41d2f8a9310dfd9c5609dad5128f0fbe3b443f775a817cef7aec153910f8855b486cfd1471e40045961f95cdacbe99fb730236eff093bfc915e9b3152cb76d72dd9a1a9c66dab49d694bc9741e9a7bcaa63d516ff52585bfd209fc3db4af07010a31829bd431217cfba\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/05/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-05-30T23:38:16"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e9c830745c456c693cb4b38700224dde"}, {"key": "cvelist", "hash": "7403285f408717006002a3d2cd176706"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "3f6ff912fa76af72db2d84eb9021bf44"}, {"key": "href", "hash": "c7254bf44914658a561cb4a8c236c018"}, {"key": "modified", "hash": "d7a2f84f623d9565d812c51123462905"}, {"key": "naslFamily", "hash": "9415f91090c2218ae67dd519ff399983"}, {"key": "pluginID", "hash": "922dcfdcc5792cd2364cbcce9b00c96e"}, {"key": "published", "hash": "8e292a3642f2143f19bef9487e315303"}, {"key": "references", "hash": "133c1a2ce714e952acb9396500b09b03"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "65f1a48df7cfad8ca51a3a6b083e6fcd"}, {"key": "title", "hash": "1bd36d0d47f6e1ed6222a48a4588aa5c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7d0e656e35a8b5e862f04d28b086a94b7f7ff0d4633ee68f00710b7bd67a0db1", "viewCount": 1, "enchantments": {"vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "#TRUSTED 61ba59c4a751a3218c60c92e1cb09d2e25cc025ccf9061ef932f392be428138012afc41d98040f42a3c43c29e19dfc39c29f49ceb33474fd3a40904c2427efd909f202b1d97d77a52b4e5f900c55fe14776a2bb682ad59066923693d6347244d0df7d96a851ac6b803801664420f75c39a90b7c9c320589a812ce4f867813704b196b04cc1dd1e7dd011a06c26273590273a5df31420ccf5a8941da10eac6897ec9aff5d5000bfd86d1e41b4967bb3e5a2246f98811c6970a2bb6e557f0d42ba1b4a06066bd19d2fe71bbf54c72dd967c4c98d6740c5ecd5021da61eb65ed1c172893e7bae049d987087254ff5c837508664d54b95cb17185614c06749231c04c5aefd086a08adf3e616d0d1f444599c4c926d089e9a7ec4b8627b37e6cc6e3024883c6a8e4e2816450a997dcd2b585201f77519f07f79593eb7648056b2223115897a65f767deca679ca430552bbd7492d614421653d44cb51a2841dc40fb4ebf74672ea571054cfb840e91a5bca92c70e1818b007bfeb03f1466f921b93cfa5660031204a52c899eb2a157c1f110fba000f841bd24b64a5e3de8f4d853b429c9a8a56612dfcc7068ef2fa4dfccf64307112dd3c4dbc2d4b732fff57b5bde7bb539f14dd3ebd4270c834004f3db9b362adeca5a54ab4d899f3a5cb0477e085579ed857873ee32eff4963e15545327e8e3cb7b2939afa93314ea47541c5ce6e9\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "50057", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"]}

{"result": {"cve": [{"id": "CVE-2008-1434", "type": "cve", "title": "CVE-2008-1434", "description": "Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a \"memory handling error\" that triggers memory corruption.", "published": "2008-05-13T18:20:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1434", "cvelist": ["CVE-2008-1434"], "lastseen": "2017-09-29T14:25:49"}, {"id": "CVE-2008-1091", "type": "cve", "title": "CVE-2008-1091", "description": "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\"", "published": "2008-05-13T18:20:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1091", "cvelist": ["CVE-2008-1091"], "lastseen": "2017-09-29T14:25:47"}], "seebug": [{"id": "SSV:3293", "type": "seebug", "title": "Microsoft Word CSS\u5904\u7406\u5185\u5b58\u7834\u574f\u6f0f\u6d1e(MS08-026)", "description": "BUGTRAQ ID: 29105\r\nCVE(CAN) ID: CVE-2008-1434\r\n\r\nMicrosoft Word\u662fOffice\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nWord\u5904\u7406\u7279\u5236DOC\u6587\u6863\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u4e00\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u6253\u5f00\u7684Word\u6587\u4ef6\u4e2dCSS\u9009\u62e9\u5668\u7684\u6570\u91cf\u5927\u4e8e\u7279\u5b9a\u503c\u7684\u8bdd\uff0c\u5c31\u4f1a\u7834\u574f\u67d0\u4e00\u5bf9\u8c61\uff0c\u5bfc\u81f4Word\u8bbf\u95ee\u5df2\u7ecf\u91ca\u653e\u7684\u5185\u5b58\u533a\u57df\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u968f\u540e\u5b89\u88c5\u7a0b\u5e8f\uff1b\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff1b\u6216\u8005\u521b\u5efa\u62e5\u6709\u5b8c\u5168\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002\r\n\n\nMicrosoft Word Viewer 2003 SP1\r\nMicrosoft Word Viewer 2003\r\nMicrosoft Word 2007 SP1\r\nMicrosoft Word 2007\r\nMicrosoft Word 2003 SP3\r\nMicrosoft Word 2003 SP2\r\nMicrosoft Word 2002 SP3\r\nMicrosoft Word 2000 SP3\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4f7f\u7528Microsoft Office\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u7981\u6b62\u6253\u5f00\u6765\u81ea\u672a\u77e5\u6216\u4e0d\u53ef\u4fe1\u6765\u6e90\u548c\u4f4d\u7f6e\u7684Office 2003\u4ee5\u53ca\u8f83\u65e9\u7248\u672c\u7684\u6587\u6863\uff0c\u4e0b\u5217\u6ce8\u518c\u8868\u811a\u672c\u53ef\u4ee5\u7528\u4e8e\u8bbe\u7f6e\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u3002\r\n \r\n\u5bf9\u4e8eOffice 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word\\Security\\FileOpenBlock]\r\n\r\n"BinaryFiles"=dword:00000001\r\n\r\n\u5bf9\u4e8eOffice 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office\\12.0\\Word\\Security\\FileOpenBlock]\r\n\r\n"HTMLFiles"=dword:00000001\r\n\r\n* \u4e0d\u8981\u6253\u5f00\u6216\u4fdd\u5b58\u4ece\u4e0d\u53d7\u4fe1\u4efb\u6765\u6e90\u6216\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u6536\u5230\u7684Microsoft Office\u6587\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-026\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-026\uff1aVulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true</a>", "published": "2008-05-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-3293", "cvelist": ["CVE-2008-1434"], "lastseen": "2017-11-19T21:42:47"}, {"id": "SSV:3294", "type": "seebug", "title": "Microsoft Word RTF\u7578\u5f62\u5b57\u7b26\u4e32\u5904\u7406\u5806\u6ea2\u51fa\u6f0f\u6d1e(MS08-026)", "description": "BUGTRAQ ID: 29104\r\nCVE(CAN) ID: CVE-2008-1091\r\n\r\nMicrosoft Word\u662fOffice\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nWord\u5904\u7406\u7279\u5236RTF\u683c\u5f0f\uff08.rtf\uff09\u6587\u4ef6\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u5728Word\u4e2d\u6253\u5f00\u5e26\u6709\u7578\u5f62\u5b57\u7b26\u4e32\u7684\u7279\u5236.rtf\u6587\u4ef6\uff0c\u6216\u5728\u5bcc\u6587\u672c\u7535\u5b50\u90ae\u4ef6\u4e2d\u9884\u89c8\u5e26\u6709\u7578\u5f62\u5b57\u7b26\u4e32\u7684\u7279\u5236.rtf\u6587\u4ef6\uff0c\u5c31\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nMicrosoft Office 2008 for Mac\r\nMicrosoft Office 2004 for Mac\r\nMicrosoft Outlook 2007 SP1\r\nMicrosoft Outlook 2007\r\nMicrosoft Word Viewer 2003 SP1\r\nMicrosoft Word Viewer 2003\r\nMicrosoft Word 2003 SP3\r\nMicrosoft Word 2003 SP2\r\nMicrosoft Word 2002 SP3\r\nMicrosoft Word 2000 SP3\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4f7f\u7528Microsoft Office\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u7981\u6b62\u6253\u5f00\u6765\u81ea\u672a\u77e5\u6216\u4e0d\u53ef\u4fe1\u6765\u6e90\u548c\u4f4d\u7f6e\u7684Office 2003\u4ee5\u53ca\u8f83\u65e9\u7248\u672c\u7684\u6587\u6863\uff0c\u4e0b\u5217\u6ce8\u518c\u8868\u811a\u672c\u53ef\u4ee5\u7528\u4e8e\u8bbe\u7f6e\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u3002\r\n \r\n\u5bf9\u4e8eOffice 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word\\Security\\FileOpenBlock]\r\n\r\n"BinaryFiles"=dword:00000001\r\n\r\n\u5bf9\u4e8eOffice 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office\\12.0\\Word\\Security\\FileOpenBlock]\r\n\r\n"HTMLFiles"=dword:00000001\r\n\r\n* \u4e0d\u8981\u6253\u5f00\u6216\u4fdd\u5b58\u4ece\u4e0d\u53d7\u4fe1\u4efb\u6765\u6e90\u6216\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u6536\u5230\u7684Microsoft Office\u6587\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-026\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-026\uff1aVulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true</a>", "published": "2008-05-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-3294", "cvelist": ["CVE-2008-1091"], "lastseen": "2017-11-19T21:42:55"}], "nessus": [{"id": "SMB_NT_MS08-026.NASL", "type": "nessus", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)", "description": "The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run.\n\nAn attacker may use this to execute arbitrary code on this host.\n\nTo succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution.", "published": "2008-05-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32310", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "lastseen": "2017-10-29T13:36:40"}], "zdi": [{"id": "ZDI-08-023", "type": "zdi", "title": "Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file.\n\nThe specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.", "published": "2008-05-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-08-023", "cvelist": ["CVE-2008-1091"], "lastseen": "2016-11-09T00:18:02"}]}}

MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)

Description

The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.