{"id": "MACOSX_MS08-026.NASL", "bulletinFamily": "scanner", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "published": "2010-10-20T00:00:00", "modified": "2018-07-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "reporter": "Tenable", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "type": "nessus", "lastseen": "2018-09-01T23:47:08", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 5, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "49a473e3951548419e309f6f013d963f4dfcccc043e8f2132af08007758a2fb4", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "269ea3eb06ea9e68e47418b7f3d65ec4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "e9c830745c456c693cb4b38700224dde", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "046998fc63fdd51b2f7466831c52ec1b", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-10-29T13:38:16", "modified": "2017-08-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 23be3c39fa7051a9457fb0b764b786d51978377001101909e25565b8eccacc65d8d0f0237fb0c5e2033334bd63513cb70760cfc8b6ae6b071813fb04f599e305e361f8a3d2fc4844db99bd2a3ea46926e7719df3beba69ba68520b21ed4390d54f33bb7825dc50c78b3e05e477a0a4976c3a858c83befc14acc8a3f5044729d8ed698cf4037f51ebb8420a51beb072985435eae5c1da75fca57ece67153d233c7493e51dc72f5994f72b8bbc30254c1beb8248dd9a4fed7185a96bc50e1dde32f3532377ff272e3f4cefb20f69532b997868ffd884cffd9652cd20a617b29d924ac9b5c14290bd5c5929f3ee98363f2a391e36bb5359c4315c5db6cdb4db6a0980b7e3c61631ce9c8371a97649c72700a8e6e94248e166dcbf25f6cf1464b000d978096ccd2ee97248df6f81f0aed23806811a13063364b1d85494e581e94c70c8b576caaafdbc2666a8038bd467e9c4fda9c6f281b65b9fedb3f39ba1e2575cc8392f142d1581393ffc5df35db34aa88e00923a5d2061bf6c538ce71fc93c9cda96cf40e605d9bf99243f9b648cf1bc438507fcc52446b04cbec9c1bbc36101d460506b7f1a93c384091d74f9946eef55702fc779c327461973bfc862e87ee39a53858490409903cf981e05fde665a0043be6453b1404a316972dcb4a6929ab6b490cba845431fb5422c659384020e862a4548f82b13cd7bd7e3270868f61e7\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2017-10-29T13:38:16"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 6, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "7d0e656e35a8b5e862f04d28b086a94b7f7ff0d4633ee68f00710b7bd67a0db1", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "e9c830745c456c693cb4b38700224dde", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "65f1a48df7cfad8ca51a3a6b083e6fcd", "key": "sourceData"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2018-07-15T03:49:56", "modified": "2018-07-14T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 61ba59c4a751a3218c60c92e1cb09d2e25cc025ccf9061ef932f392be428138012afc41d98040f42a3c43c29e19dfc39c29f49ceb33474fd3a40904c2427efd909f202b1d97d77a52b4e5f900c55fe14776a2bb682ad59066923693d6347244d0df7d96a851ac6b803801664420f75c39a90b7c9c320589a812ce4f867813704b196b04cc1dd1e7dd011a06c26273590273a5df31420ccf5a8941da10eac6897ec9aff5d5000bfd86d1e41b4967bb3e5a2246f98811c6970a2bb6e557f0d42ba1b4a06066bd19d2fe71bbf54c72dd967c4c98d6740c5ecd5021da61eb65ed1c172893e7bae049d987087254ff5c837508664d54b95cb17185614c06749231c04c5aefd086a08adf3e616d0d1f444599c4c926d089e9a7ec4b8627b37e6cc6e3024883c6a8e4e2816450a997dcd2b585201f77519f07f79593eb7648056b2223115897a65f767deca679ca430552bbd7492d614421653d44cb51a2841dc40fb4ebf74672ea571054cfb840e91a5bca92c70e1818b007bfeb03f1466f921b93cfa5660031204a52c899eb2a157c1f110fba000f841bd24b64a5e3de8f4d853b429c9a8a56612dfcc7068ef2fa4dfccf64307112dd3c4dbc2d4b732fff57b5bde7bb539f14dd3ebd4270c834004f3db9b362adeca5a54ab4d899f3a5cb0477e085579ed857873ee32eff4963e15545327e8e3cb7b2939afa93314ea47541c5ce6e9\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-07-15T03:49:56"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 2, "hash": "cb051522a78eb3f048069839f9006d0dac4de5132d4e8fdf039d01c4df90fc9c", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "550cacb19f72750bc97a27d689e5d1ec", "key": "sourceData"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "e7c99ea8270f32c4596b63d798cb8592", "key": "modified"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-05-17T02:46:53", "modified": "2017-05-16T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 6df6659e9893b01153139e73649149d900120ad1d3ef7f6a1575ad064c6a99bbb2fc0970260e9e1d2cf93dfc6bc09f3e7e6531bcf2b0e3d1a0ac339567d933d49aa3892b6324945feddf6c6076cb5d3bbcea91a0c01ab931b50181e85b10519b705d247c582c5af3a3593b31ec3ed66a1ff90de4e5922bf0af85eae726a4dc8496414b1adcf4ff7ccf5a9338f448e1044e26cf2c264631c6cff2d6d7e80e12e85a1bd82832fcb067518d205517188b52e0c331522d00d37f7e18175bcf9d8a007e6240f4dad97f284bf38cd90a0b4c6f345f4b02a20276ceb26d6fa2e38af1108a1a722727ffb558222e1dbec238071beff7d3a5fcf5ca8e83afef7a287c0fbd900f89289c86d0a3c1fc050029345a80c3d3aed5f6eacacb12fc592effaf5dfa91f6d72cdb3e04120749524f354d6ea0bcabc93b86afe78d316947bac53482ce0e4edf7e2cc13835c1ce61018cc50c501fe0cb56cb7d0563da60ab57917ac04f65857c3b00d7ece1e65f8196033b0f8edbba8bc437955822c977489aa89fc9fad7470fc0888f49eb30bacd08c0aaf7a9daad9d71e5caab475a1febf436dba77209288fd35478219d6ed8e4af5faa7a8af6611b0b6f97988e0f78cb09be96e9b22d21c99c830ad447c95f719a32b24d619c15139fb578d3ab01afa264b3d877a45bdeab341eb7eec3fe82e717e0075e5d2fe35da1792192b1301dcc9f85f9cc74\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/05/16\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-05-17T02:46:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 4, "enchantments": {}, "hash": "a93f0abd035865ac19510b17e32a3eda859c71e801cd3cd6d304cb661119e276", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "269ea3eb06ea9e68e47418b7f3d65ec4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "046998fc63fdd51b2f7466831c52ec1b", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-08-31T16:32:38", "modified": "2017-08-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 23be3c39fa7051a9457fb0b764b786d51978377001101909e25565b8eccacc65d8d0f0237fb0c5e2033334bd63513cb70760cfc8b6ae6b071813fb04f599e305e361f8a3d2fc4844db99bd2a3ea46926e7719df3beba69ba68520b21ed4390d54f33bb7825dc50c78b3e05e477a0a4976c3a858c83befc14acc8a3f5044729d8ed698cf4037f51ebb8420a51beb072985435eae5c1da75fca57ece67153d233c7493e51dc72f5994f72b8bbc30254c1beb8248dd9a4fed7185a96bc50e1dde32f3532377ff272e3f4cefb20f69532b997868ffd884cffd9652cd20a617b29d924ac9b5c14290bd5c5929f3ee98363f2a391e36bb5359c4315c5db6cdb4db6a0980b7e3c61631ce9c8371a97649c72700a8e6e94248e166dcbf25f6cf1464b000d978096ccd2ee97248df6f81f0aed23806811a13063364b1d85494e581e94c70c8b576caaafdbc2666a8038bd467e9c4fda9c6f281b65b9fedb3f39ba1e2575cc8392f142d1581393ffc5df35db34aa88e00923a5d2061bf6c538ce71fc93c9cda96cf40e605d9bf99243f9b648cf1bc438507fcc52446b04cbec9c1bbc36101d460506b7f1a93c384091d74f9946eef55702fc779c327461973bfc862e87ee39a53858490409903cf981e05fde665a0043be6453b1404a316972dcb4a6929ab6b490cba845431fb5422c659384020e862a4548f82b13cd7bd7e3270868f61e7\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/08/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 4, "lastseen": "2017-08-31T16:32:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 7, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "74d9ac8d9537579a74653cf6315895ad51f457f766c7eab1c359b8a6a5573553", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e9c830745c456c693cb4b38700224dde", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "65f1a48df7cfad8ca51a3a6b083e6fcd", "key": "sourceData"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2018-08-30T19:40:50", "modified": "2018-07-14T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.3", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 61ba59c4a751a3218c60c92e1cb09d2e25cc025ccf9061ef932f392be428138012afc41d98040f42a3c43c29e19dfc39c29f49ceb33474fd3a40904c2427efd909f202b1d97d77a52b4e5f900c55fe14776a2bb682ad59066923693d6347244d0df7d96a851ac6b803801664420f75c39a90b7c9c320589a812ce4f867813704b196b04cc1dd1e7dd011a06c26273590273a5df31420ccf5a8941da10eac6897ec9aff5d5000bfd86d1e41b4967bb3e5a2246f98811c6970a2bb6e557f0d42ba1b4a06066bd19d2fe71bbf54c72dd967c4c98d6740c5ecd5021da61eb65ed1c172893e7bae049d987087254ff5c837508664d54b95cb17185614c06749231c04c5aefd086a08adf3e616d0d1f444599c4c926d089e9a7ec4b8627b37e6cc6e3024883c6a8e4e2816450a997dcd2b585201f77519f07f79593eb7648056b2223115897a65f767deca679ca430552bbd7492d614421653d44cb51a2841dc40fb4ebf74672ea571054cfb840e91a5bca92c70e1818b007bfeb03f1466f921b93cfa5660031204a52c899eb2a157c1f110fba000f841bd24b64a5e3de8f4d853b429c9a8a56612dfcc7068ef2fa4dfccf64307112dd3c4dbc2d4b732fff57b5bde7bb539f14dd3ebd4270c834004f3db9b362adeca5a54ab4d899f3a5cb0477e085579ed857873ee32eff4963e15545327e8e3cb7b2939afa93314ea47541c5ce6e9\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2018-08-30T19:40:50"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 1, "hash": "1379d8eeece9519ef0fbc47bc0a875335f55e53e3bc11c8d377bcd6966adc4cf", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6b744f6cc99eb0b6fa467773215c68fb", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "df1405597421559d5f19b318899ba0e7", "key": "sourceData"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2016-09-26T17:24:38", "modified": "2016-04-15T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 6c892c7c2fb2a819cb5bc6a1ba152b04efc257189e0d204f57ac67569d16f292992cbd38bca6aa8e23785713ffa3cc392c4c28e54a533effc5e4a0cc0b875a9e37699d0a66e2d959caeb57e572d39c3b3296db052abca3bb94c9caa9483c3e4034b563f0863fda3203be304c272cf3ff3b6dfad69c9e055ebd4487085348b3fdc535f272e305c327c13917539163893ccf6f1770ea29504c17a827af9f541a984b033c7fb396d896befee8117925bb12a0ad54296af54f8884d7f10ece4bd74fc79eef0bf99305f51e8af8d472de42c3e6c718200b11ad285c318dd0a0082100ca470c5862acc60636c135d57460f1edfde1fedd94c6cc77ff229f918c0f7e6466a9392bb51028f0d264c07425148465f0cc68d068d3c0843c585c701f51b841ebb36e2f4040f274c0a5d58ef7f7bd8f2cbb41942d63d6234ac6944185280d94a573116e7ab78271f9bf223c494a97bcf810187aa61d9e3d91b281d4751fe2378f6079d446584fd80c3b3b8b5ecea9697146f8f57900dd8c60e3dbba51d0153e8b02f1e25986d6e5cf3cdb67813b66382acd599a25e6800a87612e0a86f4794a26391ae8e61eb7d95613002aa05bdb8a75e1ae75c682b62e500c87ed68bf1713a8d45b0b117a4a37f86089a95dff652ad5a99f17afe748efd24a9c45c8201b750c8d739baa7b1b3800d9b3209f82e7a0d569434a97a894b7aa78dc16ab336f9b\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2016/04/15\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:38"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote Mac OS X host is running a version of Microsoft Office that is affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Word file, these issues could be leveraged to execute arbitrary code subject to the user's privileges.", "edition": 3, "enchantments": {}, "hash": "bcff2ae94af2f6acafd38dc5c0829f2f8c4894187b6c0371199128fb50033d03", "hashmap": [{"hash": "41f97a76f973ea6187e66d642c92a7cb", "key": "sourceData"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8e292a3642f2143f19bef9487e315303", "key": "published"}, {"hash": "3f6ff912fa76af72db2d84eb9021bf44", "key": "description"}, {"hash": "922dcfdcc5792cd2364cbcce9b00c96e", "key": "pluginID"}, {"hash": "7403285f408717006002a3d2cd176706", "key": "cvelist"}, {"hash": "133c1a2ce714e952acb9396500b09b03", "key": "references"}, {"hash": "7de10b7dc12d70dd31267042740597fa", "key": "modified"}, {"hash": "c7254bf44914658a561cb4a8c236c018", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1bd36d0d47f6e1ed6222a48a4588aa5c", "key": "title"}, {"hash": "9415f91090c2218ae67dd519ff399983", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=50057", "id": "MACOSX_MS08-026.NASL", "lastseen": "2017-05-30T23:38:16", "modified": "2017-05-30T00:00:00", "naslFamily": "MacOS X Local Security Checks", "objectVersion": "1.2", "pluginID": "50057", "published": "2010-10-20T00:00:00", "references": ["http://technet.microsoft.com/en-us/security/bulletin/ms08-026"], "reporter": "Tenable", "sourceData": "#TRUSTED 829d2976a3b00c95b8218b6e907c8fbc7690e684ae8ab9ebce95c87e6791f35c7bfece29a89de617b2103506f6e79affbc45d744f93b2d8cdedfcc7323aec6bf1f827cb337f36e0eefb4087c59babef05122e9bbf0679ab4584cdc869ab3b1f3bba922d31ea6ddd64be42b422630a84552e14367579ffc8abd8cc432fad71eb130ee3747892864f30d1c9da50b3a05ebb1ce2c1f1d6d38d6608e7f7bc1dd2ada54d1b5350d8b4de9000d2e29f5f36567de21a604c0be44ae2b2344ef525cf297e2d573ae12cca148c1a89a986b52e868a4820cff0842da90bdbd00c365ac12bd12d9780d483d2faa8164959b2e507c8078774fbed4bc07bd3b967fcea847d010048bdab34399369d15dd08072bc7f7ad7454aa58fb225b97b44079f82a9c8c979a7a5bf84c690c21e7ff38790202f2f10ff4165732fe093bc477bca96f02fced023a3a7c77a0aa724141cd41065789db4a9e2979ead52925030b7834612fad2d427c9b55bf31de8ee68c9ef13bdfa7db4e9f322af494c3093e018dc84434fc898b6f991e0d0770f1de177861b8771fbfe5b730a7316ed41d2f8a9310dfd9c5609dad5128f0fbe3b443f775a817cef7aec153910f8855b486cfd1471e40045961f95cdacbe99fb730236eff093bfc915e9b3152cb76d72dd9a1a9c66dab49d694bc9741e9a7bcaa63d516ff52585bfd209fc3db4af07010a31829bd431217cfba\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2017/05/30\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_osvdb_id(45031, 45032);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-05-30T23:38:16"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e9c830745c456c693cb4b38700224dde"}, {"key": "cvelist", "hash": "7403285f408717006002a3d2cd176706"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "3f6ff912fa76af72db2d84eb9021bf44"}, {"key": "href", "hash": "c7254bf44914658a561cb4a8c236c018"}, {"key": "modified", "hash": "d7a2f84f623d9565d812c51123462905"}, {"key": "naslFamily", "hash": "9415f91090c2218ae67dd519ff399983"}, {"key": "pluginID", "hash": "922dcfdcc5792cd2364cbcce9b00c96e"}, {"key": "published", "hash": "8e292a3642f2143f19bef9487e315303"}, {"key": "references", "hash": "133c1a2ce714e952acb9396500b09b03"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "65f1a48df7cfad8ca51a3a6b083e6fcd"}, {"key": "title", "hash": "1bd36d0d47f6e1ed6222a48a4588aa5c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7d0e656e35a8b5e862f04d28b086a94b7f7ff0d4633ee68f00710b7bd67a0db1", "viewCount": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "#TRUSTED 61ba59c4a751a3218c60c92e1cb09d2e25cc025ccf9061ef932f392be428138012afc41d98040f42a3c43c29e19dfc39c29f49ceb33474fd3a40904c2427efd909f202b1d97d77a52b4e5f900c55fe14776a2bb682ad59066923693d6347244d0df7d96a851ac6b803801664420f75c39a90b7c9c320589a812ce4f867813704b196b04cc1dd1e7dd011a06c26273590273a5df31420ccf5a8941da10eac6897ec9aff5d5000bfd86d1e41b4967bb3e5a2246f98811c6970a2bb6e557f0d42ba1b4a06066bd19d2fe71bbf54c72dd967c4c98d6740c5ecd5021da61eb65ed1c172893e7bae049d987087254ff5c837508664d54b95cb17185614c06749231c04c5aefd086a08adf3e616d0d1f444599c4c926d089e9a7ec4b8627b37e6cc6e3024883c6a8e4e2816450a997dcd2b585201f77519f07f79593eb7648056b2223115897a65f767deca679ca430552bbd7492d614421653d44cb51a2841dc40fb4ebf74672ea571054cfb840e91a5bca92c70e1818b007bfeb03f1466f921b93cfa5660031204a52c899eb2a157c1f110fba000f841bd24b64a5e3de8f4d853b429c9a8a56612dfcc7068ef2fa4dfccf64307112dd3c4dbc2d4b732fff57b5bde7bb539f14dd3ebd4270c834004f3db9b362adeca5a54ab4d899f3a5cb0477e085579ed857873ee32eff4963e15545327e8e3cb7b2939afa93314ea47541c5ce6e9\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50057);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2008-1091\", \"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"952331\");\n script_xref(name:\"MSKB\", value:\"952332\");\n script_xref(name:\"MSKB\", value:\"951207\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host is running a version of Microsoft Office that\nis affected by several vulnerabilities.\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Word file, these issues could be leveraged to\nexecute arbitrary code subject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2004 for Mac and\nOffice 2008 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2004::mac\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2008::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nfunction exec(cmd)\n{\n local_var buf, ret;\n\n if (islocalhost())\n buf = pread(cmd:\"/bin/bash\", argv:make_list(\"bash\", \"-c\", cmd));\n else\n {\n ret = ssh_open_connection();\n if (!ret) exit(1, \"ssh_open_connection() failed.\");\n buf = ssh_cmd(cmd:cmd);\n ssh_close_connection();\n }\n return buf;\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif (!packages) exit(1, \"The 'Host/MacOSX/packages' KB item is missing.\");\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\nif (!egrep(pattern:\"Darwin.*\", string:uname)) exit(1, \"The host does not appear to be using the Darwin sub-system.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office 2008 for Mac';\nplist = \"/Applications/Microsoft Office 2008/Office/MicrosoftComponentPlugin.framework/Versions/12/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^12\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '12.1.0';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\nprod = 'Office 2004 for Mac';\ncmd = GetCarbonVersionCmd(file:\"Microsoft Component Plugin\", path:\"/Applications/Microsoft Office 2004/Office\");\nversion = exec(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^11\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '11.4.2';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n gs_opt = get_kb_item(\"global_settings/report_verbosity\");\n if (gs_opt && gs_opt != 'Quiet') security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "50057", "cpe": ["cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2008::mac"]}

{"cve": [{"lastseen": "2018-10-13T11:34:03", "references": ["http://www.vupen.com/english/advisories/2008/1504/references", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026", "http://www.securitytracker.com/id?1020014", "http://www.securityfocus.com/bid/29105", "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700", "http://marc.info/?l=bugtraq&m=121129490723574&w=2", "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"], "description": "Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a \"memory handling error\" that triggers memory corruption.", "edition": 3, "reporter": "NVD", "published": "2008-05-13T18:20:00", "title": "CVE-2008-1434", "type": "cve", "enchantments": {"score": {"modified": "2018-10-13T11:34:03", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5012", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5012"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-1434"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5012", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5012"}], "modified": "2018-10-12T17:45:20", "cpe": ["cpe:/a:microsoft:office:2007_sp1", "cpe:/a:microsoft:office:2000:sp3", "cpe:/a:microsoft:word_viewer:2003::sp3", "cpe:/a:microsoft:office:2003:sp3", "cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007", "cpe:/a:microsoft:office:2007", "cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:::sp1", "cpe:/a:microsoft:office:xp:sp3", "cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2003:sp2", "cpe:/a:microsoft:word_viewer:2003", "cpe:/a:microsoft:office:2008::mac"], "id": "CVE-2008-1434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1434", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-13T11:34:03", "references": ["http://www.vupen.com/english/advisories/2008/1504/references", "http://www.kb.cert.org/vuls/id/543907", "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-026", "http://www.securityfocus.com/archive/1/492020/100/0/threaded", "http://www.securitytracker.com/id?1020013", "http://marc.info/?l=bugtraq&m=121129490723574&w=2", "http://www.securityfocus.com/bid/29104", "http://www.zerodayinitiative.com/advisories/ZDI-08-023", "http://www.us-cert.gov/cas/techalerts/TA08-134A.html"], "description": "Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a \"memory calculation error\" and a heap-based buffer overflow, aka \"Object Parsing Vulnerability.\"", "edition": 4, "reporter": "NVD", "published": "2008-05-13T18:20:00", "title": "CVE-2008-1091", "type": "cve", "enchantments": {"score": {"modified": "2018-10-13T11:34:03", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5494", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5494"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-1091"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:5494", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5494"}], "modified": "2018-10-12T17:45:18", "cpe": ["cpe:/a:microsoft:office:2007_sp1", "cpe:/a:microsoft:office:2000:sp3", "cpe:/a:microsoft:word_viewer:2003::sp3", "cpe:/a:microsoft:office:2003:sp3", "cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007", "cpe:/a:microsoft:office:2007", "cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007:::sp1", "cpe:/a:microsoft:office:xp:sp3", "cpe:/a:microsoft:office:2004::mac", "cpe:/a:microsoft:office:2003:sp2", "cpe:/a:microsoft:word_viewer:2003", "cpe:/a:microsoft:office:2008::mac"], "id": "CVE-2008-1091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1091", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:41:54", "references": ["https://technet.microsoft.com/library/security/ms08-026"], "pluginID": "32310", "description": "The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run.\n\nAn attacker may use this to execute arbitrary code on this host.\n\nTo succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution.", "edition": 7, "reporter": "Tenable", "published": "2008-05-13T00:00:00", "title": "MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/a:microsoft:word", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:outlook", "cpe:/a:microsoft:office", "cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS08-026.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32310", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32310);\n script_version(\"1.34\");\n script_cvs_date(\"Date: 2018/07/27 18:38:16\");\n\n script_cve_id(\"CVE-2008-1091\",\"CVE-2008-1434\");\n script_bugtraq_id(29104, 29105);\n script_xref(name:\"CERT\", value:\"543907\");\n script_xref(name:\"MSFT\", value:\"MS08-026\");\n script_xref(name:\"MSKB\", value:\"950113\");\n script_xref(name:\"MSKB\", value:\"950241\");\n script_xref(name:\"MSKB\", value:\"950243\");\n script_xref(name:\"MSKB\", value:\"950250\");\n script_xref(name:\"MSKB\", value:\"950625\");\n\n script_name(english:\"MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)\");\n script_summary(english:\"Determines the version of WinWord.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through Microsoft\nWord.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Microsoft Word that is subject\nto a flaw that could allow arbitrary code to be run.\n\nAn attacker may use this to execute arbitrary code on this host.\n\nTo succeed, the attacker would have to send a rogue file to a user of\nthe remote computer and have it open it. Then a bug in the font parsing\nhandler would result in code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/ms08-026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Word 2000, XP, 2003 and\n2007.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(94, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:outlook\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_nt_ms02-031.nasl\", \"office_installed.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS08-026';\nkbs = make_list(\"950113\", \"950241\", \"950243\", \"950250\", \"950625\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nport = get_kb_item(\"SMB/transport\");\n\n\n\n#\n# Word\n#\nvuln = 0;\nlist = get_kb_list(\"SMB/Office/Word/*/ProductPath\");\nif (!isnull(list))\n{\n foreach item (keys(list))\n {\n v = item - 'SMB/Office/Word/' - '/ProductPath';\n if(ereg(pattern:\"^9\\..*\", string:v))\n {\n # Word 2000 - fixed in 9.0.0.8970\n office_sp = get_kb_item(\"SMB/Office/2000/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n sub = ereg_replace(pattern:\"^9\\.00?\\.00?\\.([0-9]*)$\", string:v, replace:\"\\1\");\n if(sub != v && int(sub) < 8970 ) {\n vuln++;\n kb = '950250';\n hotfix_add_report(bulletin:bulletin, kb:kb);\n }\n }\n }\n else if(ereg(pattern:\"^10\\..*\", string:v))\n {\n # Word XP - fixed in 10.0.6843.0\n office_sp = get_kb_item(\"SMB/Office/XP/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n middle = ereg_replace(pattern:\"^10\\.0\\.([0-9]*)\\.[0-9]*$\", string:v, replace:\"\\1\");\n if(middle != v && int(middle) < 6843) {\n vuln++;\n kb = '950243';\n hotfix_add_report(bulletin:bulletin, kb:kb);\n }\n }\n }\n else if(ereg(pattern:\"^11\\..*\", string:v))\n {\n # Word 2003 - fixed in 11.0.8215.0 (SP3)\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if (!isnull(office_sp) && (office_sp == 2 || office_sp == 3))\n {\n middle = ereg_replace(pattern:\"^11\\.0\\.([0-9]*)\\.[0-9]*$\", string:v, replace:\"\\1\");\n if(middle != v && int(middle) < 8215) {\n vuln++;\n kb = '950241';\n hotfix_add_report(bulletin:bulletin, kb:kb);\n }\n }\n }\n else if(ereg(pattern:\"^12\\..*\", string:v))\n {\n # Word 2007 - fixed in 12.0.6308.500\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1))\n {\n middle = ereg_replace(pattern:\"^12\\.0\\.([0-9]*)\\.[0-9]*$\", string:v, replace:\"\\1\");\n if(middle != v && int(middle) < 6308) {\n vuln++;\n kb = '950113';\n hotfix_add_report(bulletin:bulletin, kb:kb);\n }\n }\n }\n }\n}\n\n#\n# Word Viewer\n#\nlist = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\nif (!isnull(list))\n{\n foreach item (keys(list))\n {\n v = item - 'SMB/Office/WordViewer/' - '/ProductPath';\n # Word Viewer 2003 - fixed in 11.0.8169.0 (SP3)\n middle = ereg_replace(pattern:\"^11\\.0\\.([0-9]*)\\.[0-9]*$\", string:v, replace:\"\\1\");\n if(middle != v && int(middle) < 8169) {\n vuln++;\n kb = '950625';\n hotfix_add_report(bulletin:bulletin, kb:kb);\n }\n }\n}\nif (vuln)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "references": [], "description": "Microsoft Security Bulletin MS08-026 \u2013 Critical\r\nVulnerabilities in Microsoft Word Could Allow Remote Code Execution &#40;951207&#41;\r\nPublished: May 13, 2008\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves several privately reported vulnerabilities in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nThis security update is rated Critical for supported editions of Microsoft Word 2000 and Microsoft Outlook 2007 and rated Important for supported editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 for Mac. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThis security update addresses the vulnerability by modifying the way that Microsoft Word handles specially crafted Word files. For more information about the vulnerabilities, see the Frequently Asked Questions &#40;FAQ&#41; subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nNote This update includes additional security mitigations against public attacks using Microsoft Word to exploit vulnerabilities in Microsoft Jet Database Engine first described in Microsoft Security Advisory 950627. In addition to installing this update, we recommend that customers install the update provided in Microsoft Security Bulletin MS08-028: Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution &#40;950749&#41; for the most up to date protection against these types of attacks.\r\n\r\nRecommendation. Microsoft recommends that customers apply the update immediately.\r\n\r\nKnown Issues. None\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOffice Suite and Other Software\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by this Update\r\nMicrosoft Office Suites and Components\t \t \t \t \r\n\r\nMicrosoft Office 2000 Service Pack 3\r\n\t\r\n\r\nMicrosoft Word 2000 Service Pack 3\r\n&#40;KB950250&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-009\r\n\r\nMicrosoft Office XP Service Pack 3\r\n\t\r\n\r\nMicrosoft Word 2002 Service Pack 3\r\n&#40;KB950243&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-009\r\n\r\nMicrosoft Office 2003 Service Pack 2\r\n\t\r\n\r\nMicrosoft Word 2003 Service Pack 2\r\n&#40;KB950241&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-009\r\n\r\nMicrosoft Office 2003 Service Pack 3\r\n\t\r\n\r\nMicrosoft Word 2003 Service Pack 3\r\n&#40;KB950241&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-009\r\n\r\n2007 Microsoft Office System\r\n\t\r\n\r\nMicrosoft Word 2007\r\n&#40;KB950113&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\n\t\r\n\r\nMicrosoft Outlook 2007\r\n&#40;KB950113&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\n2007 Microsoft Office System Service Pack 1\r\n\t\r\n\r\nMicrosoft Word 2007 Service Pack 1\r\n&#40;KB950113&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\n\t\r\n\r\nMicrosoft Outlook 2007 Service Pack 1\r\n&#40;KB950113&#41;\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nOther Office Software\t \t \t \t \r\n\r\nMicrosoft Word Viewer 2003\r\n&#40;KB950625&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-009\r\n\r\nMicrosoft Word Viewer 2003 Service Pack 3\r\n&#40;KB950625&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS07-024\r\n\r\nMicrosoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats\r\n&#40;KB951808&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nMicrosoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1\r\n&#40;KB951808&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\nMicrosoft Office for Mac\t \t \t \t \r\n\r\nMicrosoft Office 2004 for Mac\r\n&#40;KB952332&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-014\r\n\r\nMicrosoft Office 2008 for Mac\r\n&#40;KB952331&#41;\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS08-014\r\n\r\nNon-Affected Software\r\nOffice and Other Software\r\n\r\nMicrosoft Works 8.0\r\n\r\nMicrosoft Works 8.5\r\n\r\nMicrosoft Works 9.0\r\n\r\nMicrosoft Works Suite 2005\r\n\r\nMicrosoft Works Suite 2006\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions &#40;FAQ&#41; Related to This Security Update\r\n\r\nThe Office component discussed in this article is part of the Office Suite that I have installed on my system; however, I did not choose to install this specific component. Will I be offered this update? \r\nYes, if the version of the Office Suite installed on your system shipped with the component discussed in this bulletin, the system will be offered updates for it whether the component is installed or not. The detection logic used to scan for affected systems is designed to check for updates for all components that shipped with the particular Office Suite and offer the updates to a system. Users who choose not to apply an update for a component that is not installed, but is included in the version of the Office Suite, will not increase the security risk of that system. However, users who do choose to install the update will not have a negative impact on the security or performance of a system. For more information on this issue, please see Microsoft Knowledge Base Article 830335.\r\n\r\nWhere are the file information details? \r\nThe file information details can be found in Microsoft Knowledge Base Article 951207.\r\n\r\nWhy does this update address several reported security vulnerabilities? \r\nThis update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.\r\n\r\nDoes this update contain any security-related changes to functionality? \r\nYes. In addition to the changes that are listed in the &quot;Vulnerability Details&quot; section of this bulletin, this update includes logic enhancements to security warnings that mitigate Word as an attack vector used to exploit vulnerabilities in Microsoft Jet Database Engine first described in Microsoft Security Advisory 950627. Prior to this update, Word was vulnerable to attacks when opening a specially crafted Word document containing a malicious Jet database file. After applying this update, Word will prompt a user for confirmation before running SQL commands or queries when opening Word documents. In addition to installing this update, we highly recommend that customers install the update provided in Microsoft Security Bulletin MS08-028: Vulnerabilities in Microsoft Jet Database Engine Could Allow Remote Code Execution &#40;950749&#41; for the most up-to-date protection against these types of attacks.\r\n\r\nThis is a Microsoft Word update. Why are Microsoft Outlook 2007 and Microsoft Outlook 2007 Service Pack 1 referenced in the Affected Software table? \r\nThe files that are updated to address the vulnerabilities documented in this bulletin are core files to Microsoft Word. For Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1, some of these core files are shared with Microsoft Outlook 2007 and Microsoft Outlook 2007 Service Pack 1, and provide functionality, such as editing, to Outlook. Therefore, Outlook 2007 and Outlook 2007 Service Pack 1 need to be updated as well, and Word 2007 and Word 2007 Service Pack 1 and Outlook 2007 and Outlook 2007 Service Pack 1 are serviced by the same package.\r\n\r\nUsers with only Outlook 2007 or Outlook 2007 Service Pack 1 installed will still need to apply this Word update to their systems. Users with Outlook 2007 or Outlook 2007 Service Pack 1 that also have Word 2007 or Word 2007 Service Pack 1 installed will also need to apply this update but they will only need to install it once. For more information on this issue, please see Microsoft Knowledge Base Article 949370.\r\n\r\nI use Microsoft Office 2003 Service Pack 2. Are any additional security features included in this update? \r\nYes, as part of the servicing model for Microsoft Office 2003, when users of Microsoft Office 2003 Service Pack 2 install this update, their systems will be upgraded to security functionality that was initially released with Microsoft Office 2003 Service Pack 3. All updates released after January 1, 2008 for Microsoft Office 2003 Service Pack 2 will include these security features, which were introduced in Microsoft Office 2003 Service Pack 3. We have thoroughly tested this update, but as with all updates, we recommend that users perform testing appropriate to the environment and configuration of their systems. For more information on this issue, please see Microsoft Knowledge Base Article 951646.\r\n\r\nWhy is this update rated Critical for Word 2000 but only rated Important for all other affected versions of Word? \r\nUsers who are running Word 2002 and later have a built-in feature that will prompt a user to Open, Save, or Cancel before opening a document. This mitigating factor reduces the vulnerability from Critical to Important because the vulnerability requires more than a single user action to complete the exploit.\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. To determine the support life cycle for your software release, visit Microsoft Support Lifecycle.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle. For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services.\r\n\r\nCustomers who require custom support for older releases must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit Microsoft Worldwide Information, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Windows Operating System Product Support Lifecycle FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\nAffected Software\tObject Parsing Vulnerability - CVE-2008-1091\tWord Cascading Style Sheet &#40;CSS&#41; Vulnerability - CVE-2008-1434\tAggregate Severity Rating\r\n\r\nMicrosoft Word 2000 Service Pack 3\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nMicrosoft Word 2002 Service Pack 3\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Word 2003 Service Pack 2 and Microsoft Word 2003 Service Pack 3\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Word Viewer 2003 and Microsoft Word Viewer 2003 Service Pack 3\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Word 2007 and Microsoft Word 2007 Service Pack 1\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Outlook 2007 and Microsoft Outlook 2007 Service Pack 1\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nMicrosoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Office 2004 for Mac\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Office 2008 for Mac\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nTop of sectionTop of section\r\n\t\r\nObject Parsing Vulnerability - CVE-2008-1091\r\n\r\nA remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format &#40;.rtf&#41; files. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1091.\r\n\t\r\nMitigating Factors for Object Parsing Vulnerability - CVE-2008-1091\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker&#39;s Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nUsers who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document. The features of the Office Document Open Confirmation Tool are incorporated in Office XP and later editions of Office.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Object Parsing Vulnerability - CVE-2008-1091\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality.\r\n\u2022\t\r\n\r\nUse Microsoft Office File Block policy to prevent the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.\r\n\r\nThe following registry scripts can be used to set the File Block policy.\r\n\r\nNote Modifying the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from incorrect modification of the Registry can be solved. Modify the Registry at your own risk.\r\n\r\nFor Office 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Microsoft&#92;Office&#92;11.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;RTFFiles&quot;=dword:00000001\r\n\r\nNote In order to use &#39;FileOpenBlock&#39; with Office 2003, all of the latest Office 2003 security updates as of May 2007 must be applied.\r\n\r\nImpact of Workaround: Users who have configured the File Block policy and have not configured a special \u201cexempt directory\u201d as discussed in Microsoft Knowledge Base Article 922848 will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System.\r\n\r\nHow to undo the workaround:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Microsoft&#92;Office&#92;11.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;RTFFiles&quot;=dword:00000000\r\n\r\nFor Office 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Policies&#92;Microsoft&#92;Office&#92;12.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;RTFFiles&quot;=dword:00000001\r\n\r\nNote In order to use &#39;FileOpenBlock&#39; with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.\r\n\r\nImpact of Workaround: Users who have configured the File Block policy and have not configured a special \u201cexempt directory\u201d as discussed in Microsoft Knowledge Base Article 922848 will be unable to open .rtf files in Office 2003 or 2007 Microsoft Office System.\r\n\r\nHow to undo the workaround:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Policies&#92;Microsoft&#92;Office&#92;12.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;RTFFiles&quot;=dword:00000000\r\n\u2022\t\r\n\r\nRead e-mail messages in plain text format to protect against the e-mail attack vector.\r\n\u2022\t\r\n\r\nDo not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Object Parsing Vulnerability - CVE-2008-1091\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability is caused by a memory calculation error when processing a malformed string in a specially crafted .rtf file. The error may corrupt system memory in such a way that an attacker could execute arbitrary code.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could take complete control of an affected system. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nThis vulnerability requires that a user open a specially crafted .rtf file with an affected version of Microsoft Word.\r\n\r\nIn an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted RTF e-mail to a system that uses Word as its default editor and previews the e-mail in either Rich Text Format or as HTML.\r\n\r\nNote By default, Outlook 2003 does not use Word as its default editor. However, Outlook 2007 does.\r\n\r\nIn a Web-based attack scenario, an attacker would have to host a Web site that contains a .rtf file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes them to the attacker&#39;s site.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nSystems where Microsoft Word and or Microsoft Outlook is used are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.\r\n\r\nWhat does the update do? \r\nThe update removes the vulnerability by modifying the way Word calculates the required memory allocation when opening .rtf files.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued. This security bulletin addresses the privately disclosed vulnerability as well as additional issues discovered through internal investigations.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nWord Cascading Style Sheet &#40;CSS&#41; Vulnerability - CVE-2008-1434\r\n\r\nA remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2008-1434.\r\n\t\r\nMitigating Factors for Word Cascading Style Sheet &#40;CSS&#41; Vulnerability - CVE-2008-1434\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nThe vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker&#39;s Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nUsers who have installed and are using the Office Document Open Confirmation Tool for Office 2000 will be prompted with Open, Save, or Cancel before opening a document. The features of the Office Document Open Confirmation Tool are incorporated in Office XP and later editions of Office.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Word Cascading Style Sheet Vulnerability - CVE-2008-1434\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality.\r\n\u2022\t\r\n\r\nUse Microsoft Office File Block policy to prevent the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations.\r\n\r\nThe following registry scripts can be used to set the File Block policy.\r\n\r\nNote Modifying the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from incorrect modification of the Registry can be solved. Modify the Registry at your own risk.\r\n\r\nFor Office 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Microsoft&#92;Office&#92;11.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000001\r\n\r\nNote In order to use &#39;FileOpenBlock&#39; with Office 2003, all of the latest Office 2003 security updates as of May 2007 must be applied.\r\n\r\nImpact of Workaround: Users who have configured the File Block policy and have not configured a special \u201cexempt directory\u201d as discussed in Microsoft Knowledge Base Article 922848 will be unable to open HTML documents in Word or Outlook.\r\n\r\nHow to undo the workaround:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Microsoft&#92;Office&#92;11.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000000\r\n\r\nFor Office 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Policies&#92;Microsoft&#92;Office&#92;12.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000001\r\n\r\nNote In order to use &#39;FileOpenBlock&#39; with Office 2007, all of the latest Office 2007 security updates as of May 2007 must be applied.\r\n\r\nImpact of Workaround: Users who have configured the File Block policy and have not configured a special \u201cexempt directory\u201d as discussed in Microsoft Knowledge Base Article 922848 will be unable to open HTML documents in Word 2003 or 2007 Microsoft Office System.\r\n\r\nHow to undo the workaround:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER&#92;Software&#92;Policies&#92;Microsoft&#92;Office&#92;12.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000000\r\n\u2022\t\r\n\r\nDo not open or save Microsoft Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted file.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Word Cascading Style Sheet Vulnerability - CVE-2008-1434\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability is caused by a memory handling error when processing CSS values in a specially crafted Word file. The error may corrupt system memory in such a way that an attacker could execute arbitrary code.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could take complete control of an affected system. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nThis vulnerability requires that a user open a specially crafted Word file with an affected version of Microsoft Word.\r\n\r\nIn an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially-crafted Word file to the user and by convincing the user to open the file.\r\n\r\nIn a Web-based attack scenario, an attacker would have to host a Web site that contains a Word file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes them to the attacker&#39;s site.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nSystems where Microsoft Word is used are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.\r\n\r\nWhat does the update do? \r\nThe update removes the vulnerability by modifying the way that Word manages memory in processing CSS values when opening Word files.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued. This security bulletin addresses the privately disclosed vulnerability as well as additional issues discovered through internal investigations.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\n\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nJun Mao, working with iDefense Labs, for reporting the Word Cascading Style Sheet &#40;CSS&#41; Vulnerability - CVE-2008-1434.\r\n\u2022\t\r\n\r\nwushi of team509, working with Zero Day Initiative, for reporting the Object Parsing Vulnerability - CVE-2008-1091.\r\nTop of sectionTop of section\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\nTop of sectionTop of section\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided &quot;as is&quot; without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\nTop of sectionTop of section\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 &#40;May 13, 2008&#41;: Bulletin published.", "edition": 1, "reporter": "Securityvulns", "published": "2008-05-14T00:00:00", "title": "Microsoft Security Bulletin MS08-026 \u2013 Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution &#40;951207&#41;", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "modified": "2008-05-14T00:00:00", "id": "SECURITYVULNS:DOC:19834", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19834", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:29", "references": ["https://vulners.com/securityvulns/securityvulns:doc:19834", "https://vulners.com/securityvulns/securityvulns:doc:19836", "https://vulners.com/securityvulns/securityvulns:doc:19835", "https://vulners.com/securityvulns/securityvulns:doc:19837"], "description": "Memory coruption on RTF parsing, memory corruption on CSS parsing.", "edition": 1, "reporter": "MICROSOFT", "published": "2008-05-14T00:00:00", "title": "Microsoft Word multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:29", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Word Viewer", "version": "2003", "operator": "eq"}, {"name": "Office", "version": "2007", "operator": "eq"}, {"name": "Office", "version": "2000", "operator": "eq"}, {"name": "Office", "version": "2003", "operator": "eq"}], "cvelist": ["CVE-2008-1434", "CVE-2008-1091"], "modified": "2008-05-14T00:00:00", "id": "SECURITYVULNS:VULN:8989", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8989", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": "iDefense Security Advisory 05.13.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nMay 13, 2008\r\n\r\nI. BACKGROUND\r\n\r\nMicrosoft Word is a word processing application that is distributed with\r\nMicrosoft Office. Cascading Style Sheets &#40;CSS&#41; is a stylesheet language\r\nused to describe the presentation of a document written in a markup\r\nlanguage. For more information about Microsoft Word, visit the\r\nfollowing URL.\r\n\r\nhttp://office.microsoft.com/en-us/word/default.aspx\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a memory corruption vulnerability in Microsoft\r\nCorp.&#39;s Word could allow attackers to execute arbitrary code with the\r\nprivileges of the logged in user.\r\n\r\nThis vulnerability exists in the way Word handles CSS rules in an HTML\r\ndocument. When the number of CSS selectors is above some specific\r\namount, an unspecified object will be corrupted causing Word to access\r\na memory region that has already been freed.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation allows remote attackers to execute arbitrary code on the\r\naffected host in the context of the user. Exploitation requires that\r\nthe user opens a specially crafted HTML document using Microsoft Word.\r\nThe most likely exploitation vector involves convincing a user to open\r\nan HTML document, with a DOC extension, sent to them via e-mail or\r\nlinked on a website.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft\r\nWord XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word\r\n2003 SP3 and Microsoft Word 2007 do not appear to be affected.\r\n\r\nMicrosoft reports that all supported versions of Word, Word Viewer, and\r\nOutlook 2007 are vulnerable.\r\n\r\nV. WORKAROUND\r\n\r\nUsers of Office 2003 and Office 2007 that have installed all security\r\npatches as of May 2007 can use the Microsoft Office File Block policy\r\nto prevent opening files of this type. To deploy this workaround, save\r\nand import the following registry file for the corresponding version of\r\nOffice.\r\n\r\nOffice 2003:\r\n\r\n Windows Registry Editor Version 5.00\r\n \r\n[HKEY_CURRENT_USER&#92;Software&#92;Microsoft&#92;Office&#92;11.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n &quot;HTMLFiles&quot;=dword:00000001\r\n\r\nOffice 2007:\r\n\r\n Windows Registry Editor Version 5.00\r\n \r\n[HKEY_CURRENT_USER&#92;Software&#92;Policies&#92;Microsoft&#92;Office&#92;12.0&#92;Word&#92;Security&#92;FileOpenBlock]\r\n &quot;HTMLFiles&quot;=dword:00000001\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nMicrosoft has officially addressed this vulnerability with Security\r\nBulletin MS08-026. For more information, consult their bulletin at the\r\nfollowing URL.\r\n\r\nhttp://www.microsoft.com/technet/security/bulletin/ms08-026.mspx\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned the\r\nname CVE-2008-1434 to this issue. This is a candidate for inclusion in\r\nthe CVE list &#40;http://cve.mitre.org/&#41;, which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n11/08/2007 Initial vendor notification\r\n11/08/2007 Initial vendor response\r\n05/13/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was discovered by Jun Mao of iDefense Labs.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "reporter": "Securityvulns", "published": "2008-05-14T00:00:00", "title": "iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1434"], "modified": "2008-05-14T00:00:00", "id": "SECURITYVULNS:DOC:19837", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19837", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": "ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption \r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-08-023\r\nAugust 14, 2007\r\n\r\n-- CVE ID:\r\nCVE-2008-1091\r\n\r\n-- Affected Vendors:\r\nMicrosoft\r\n\r\n-- Affected Products:\r\nMicrosoft Office Excel\r\nMicrosoft Office Word\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 6099. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Microsoft Office. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page, open a malicious email, or open a malicious file.\r\n\r\nThe specific flaw exists when parsing malformed RTF documents. When\r\nprocessing a combination of RTF tags a heap overflow occurs. Successful\r\nexploitation can lead to remote compromise of a system under the\r\ncredentials of the currently logged in user.\r\n\r\n-- Vendor Response:\r\nMicrosoft has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.microsoft.com/technet/security/bulletin/ms08-026.mspx\r\n\r\n-- Disclosure Timeline:\r\n2008-01-21 - Vulnerability reported to vendor\r\n2008-05-13 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\r\nis being sent by 3Com for the sole use of the intended recipient&#40;s&#41; and\r\nmay contain confidential, proprietary and/or privileged information.\r\nAny unauthorized review, use, disclosure and/or distribution by any \r\nrecipient is prohibited. If you are not the intended recipient, please\r\ndelete and/or destroy all copies of this message regardless of form and\r\nany included attachments and notify 3Com immediately by contacting the\r\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com. ", "edition": 1, "reporter": "Securityvulns", "published": "2008-05-14T00:00:00", "title": "ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1091"], "modified": "2008-05-14T00:00:00", "id": "SECURITYVULNS:DOC:19835", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19835", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": "ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption \r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-08-023\r\nAugust 14, 2007\r\n\r\n-- CVE ID:\r\nCVE-2008-1091\r\n\r\n-- Affected Vendors:\r\nMicrosoft\r\n\r\n-- Affected Products:\r\nMicrosoft Office Excel\r\nMicrosoft Office Word\r\n\r\n-- TippingPoint&#40;TM&#41; IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability by Digital Vaccine protection filter ID 6099. \r\nFor further product information on the TippingPoint IPS, visit:\r\n\r\n http://www.tippingpoint.com\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Microsoft Office. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page, open a malicious email, or open a malicious file.\r\n\r\nThe specific flaw exists when parsing malformed RTF documents. When\r\nprocessing a combination of RTF tags a heap overflow occurs. Successful\r\nexploitation can lead to remote compromise of a system under the\r\ncredentials of the currently logged in user.\r\n\r\n-- Vendor Response:\r\nMicrosoft has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.microsoft.com/technet/security/bulletin/ms08-026.mspx\r\n\r\n-- Disclosure Timeline:\r\n2008-01-21 - Vulnerability reported to vendor\r\n2008-05-13 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * wushi of team509\r\n\r\n-- About the Zero Day Initiative &#40;ZDI&#41;:\r\nEstablished by TippingPoint, The Zero Day Initiative &#40;ZDI&#41; represents \r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors &#40;including competitors&#41; who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nCONFIDENTIALITY NOTICE: This e-mail message, including any attachments,\r\nis being sent by 3Com for the sole use of the intended recipient&#40;s&#41; and\r\nmay contain confidential, proprietary and/or privileged information.\r\nAny unauthorized review, use, disclosure and/or distribution by any \r\nrecipient is prohibited. If you are not the intended recipient, please\r\ndelete and/or destroy all copies of this message regardless of form and\r\nany included attachments and notify 3Com immediately by contacting the\r\nsender via reply e-mail or forwarding to 3Com at postmaster@3com.com. ", "edition": 1, "reporter": "Securityvulns", "published": "2008-05-14T00:00:00", "title": "ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-1091"], "modified": "2008-05-14T00:00:00", "id": "SECURITYVULNS:DOC:19836", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19836", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:42:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 29105\r\nCVE(CAN) ID: CVE-2008-1434\r\n\r\nMicrosoft Word\u662fOffice\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nWord\u5904\u7406\u7279\u5236DOC\u6587\u6863\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u4e00\u4e2a\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u6253\u5f00\u7684Word\u6587\u4ef6\u4e2dCSS\u9009\u62e9\u5668\u7684\u6570\u91cf\u5927\u4e8e\u7279\u5b9a\u503c\u7684\u8bdd\uff0c\u5c31\u4f1a\u7834\u574f\u67d0\u4e00\u5bf9\u8c61\uff0c\u5bfc\u81f4Word\u8bbf\u95ee\u5df2\u7ecf\u91ca\u653e\u7684\u5185\u5b58\u533a\u57df\u3002\u6210\u529f\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u653b\u51fb\u8005\u53ef\u968f\u540e\u5b89\u88c5\u7a0b\u5e8f\uff1b\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\uff1b\u6216\u8005\u521b\u5efa\u62e5\u6709\u5b8c\u5168\u7528\u6237\u6743\u9650\u7684\u65b0\u5e10\u6237\u3002\r\n\n\nMicrosoft Word Viewer 2003 SP1\r\nMicrosoft Word Viewer 2003\r\nMicrosoft Word 2007 SP1\r\nMicrosoft Word 2007\r\nMicrosoft Word 2003 SP3\r\nMicrosoft Word 2003 SP2\r\nMicrosoft Word 2002 SP3\r\nMicrosoft Word 2000 SP3\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4f7f\u7528Microsoft Office\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u7981\u6b62\u6253\u5f00\u6765\u81ea\u672a\u77e5\u6216\u4e0d\u53ef\u4fe1\u6765\u6e90\u548c\u4f4d\u7f6e\u7684Office 2003\u4ee5\u53ca\u8f83\u65e9\u7248\u672c\u7684\u6587\u6863\uff0c\u4e0b\u5217\u6ce8\u518c\u8868\u811a\u672c\u53ef\u4ee5\u7528\u4e8e\u8bbe\u7f6e\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u3002\r\n \r\n\u5bf9\u4e8eOffice 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word\\Security\\FileOpenBlock]\r\n\r\n&quot;BinaryFiles&quot;=dword:00000001\r\n\r\n\u5bf9\u4e8eOffice 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office\\12.0\\Word\\Security\\FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000001\r\n\r\n* \u4e0d\u8981\u6253\u5f00\u6216\u4fdd\u5b58\u4ece\u4e0d\u53d7\u4fe1\u4efb\u6765\u6e90\u6216\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u6536\u5230\u7684Microsoft Office\u6587\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-026\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-026\uff1aVulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true</a>", "reporter": "Root", "published": "2008-05-17T00:00:00", "type": "seebug", "title": "Microsoft Word CSS\u5904\u7406\u5185\u5b58\u7834\u574f\u6f0f\u6d1e(MS08-026)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1434"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-05-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3293", "id": "SSV:3293", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}, {"lastseen": "2017-11-19T21:42:55", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 29104\r\nCVE(CAN) ID: CVE-2008-1091\r\n\r\nMicrosoft Word\u662fOffice\u5957\u4ef6\u4e2d\u7684\u6587\u5b57\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nWord\u5904\u7406\u7279\u5236RTF\u683c\u5f0f\uff08.rtf\uff09\u6587\u4ef6\u7684\u65b9\u5f0f\u4e2d\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u7528\u6237\u5728Word\u4e2d\u6253\u5f00\u5e26\u6709\u7578\u5f62\u5b57\u7b26\u4e32\u7684\u7279\u5236.rtf\u6587\u4ef6\uff0c\u6216\u5728\u5bcc\u6587\u672c\u7535\u5b50\u90ae\u4ef6\u4e2d\u9884\u89c8\u5e26\u6709\u7578\u5f62\u5b57\u7b26\u4e32\u7684\u7279\u5236.rtf\u6587\u4ef6\uff0c\u5c31\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nMicrosoft Office 2008 for Mac\r\nMicrosoft Office 2004 for Mac\r\nMicrosoft Outlook 2007 SP1\r\nMicrosoft Outlook 2007\r\nMicrosoft Word Viewer 2003 SP1\r\nMicrosoft Word Viewer 2003\r\nMicrosoft Word 2003 SP3\r\nMicrosoft Word 2003 SP2\r\nMicrosoft Word 2002 SP3\r\nMicrosoft Word 2000 SP3\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4f7f\u7528Microsoft Office\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u7981\u6b62\u6253\u5f00\u6765\u81ea\u672a\u77e5\u6216\u4e0d\u53ef\u4fe1\u6765\u6e90\u548c\u4f4d\u7f6e\u7684Office 2003\u4ee5\u53ca\u8f83\u65e9\u7248\u672c\u7684\u6587\u6863\uff0c\u4e0b\u5217\u6ce8\u518c\u8868\u811a\u672c\u53ef\u4ee5\u7528\u4e8e\u8bbe\u7f6e\u6587\u4ef6\u963b\u6b62\u7b56\u7565\u3002\r\n \r\n\u5bf9\u4e8eOffice 2003\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Word\\Security\\FileOpenBlock]\r\n\r\n&quot;BinaryFiles&quot;=dword:00000001\r\n\r\n\u5bf9\u4e8eOffice 2007\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office\\12.0\\Word\\Security\\FileOpenBlock]\r\n\r\n&quot;HTMLFiles&quot;=dword:00000001\r\n\r\n* \u4e0d\u8981\u6253\u5f00\u6216\u4fdd\u5b58\u4ece\u4e0d\u53d7\u4fe1\u4efb\u6765\u6e90\u6216\u4ece\u53d7\u4fe1\u4efb\u6765\u6e90\u610f\u5916\u6536\u5230\u7684Microsoft Office\u6587\u4ef6\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS08-026\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS08-026\uff1aVulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)\r\n\u94fe\u63a5\uff1a<a href=http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx?pf=true</a>", "reporter": "Root", "published": "2008-05-17T00:00:00", "type": "seebug", "title": "Microsoft Word RTF\u7578\u5f62\u5b57\u7b26\u4e32\u5904\u7406\u5806\u6ea2\u51fa\u6f0f\u6d1e(MS08-026)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1091"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2008-05-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3294", "id": "SSV:3294", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}], "zdi": [{"lastseen": "2016-11-09T00:18:02", "references": ["http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file.\n\nThe specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.", "reporter": "wushi of team509", "published": "2008-05-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2008-1091"], "modified": "2008-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-08-023", "id": "ZDI-08-023", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}