Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_MS15-033_OFFICE_2011.NASL
HistoryApr 14, 2015 - 12:00 a.m.

MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)

2015-04-1400:00:00
This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
38

9.3 High

AI Score

Confidence

High

JSON

The remote Mac OS X host has a version of Microsoft Word installed that is affected by multiple vulnerabilities :

  • A cross-site scripting vulnerability exists due to improper sanitization of HTML strings. A remote attacker can exploit this issue by convincing a user to open a file or visit a website containing specially crafted content, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-1639)

  • A remote code execution vulnerability exists due to improper handling rich text format files in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted file using the affected software, resulting in execution of arbitrary code in the context of the current user.
    (CVE-2015-1641)

#TRUSTED 39d6dde0835faadfc3b1747dfa0d2ffcbafd2502acb0a26c02e45c8b8366f7dee886e62b000e6b1c6fdb2370e74a5c2a0207db66052cfbeb540e76fad09cfe67c9640ec0f04ee6452f00549e368597042fb1ec57418f918fc460e91bb6fb154347d014343212fa802bb8a5c397ae24c7d17a3f71103d753fe0721de864f52efe8c1fbff1e7d070427600e828aa77072104f965c7cf38762685a1da32dd72ed448df3ec48a05055285fd8e6046ed19ae4c94de232586ee0432da5986018cda0967b62ec6c64f4376d0151cdc0d30edb65934efa2fb391b6c3f60ec9abcd574cef2a59b4fc83061fd2b925825228114eae19573300299e4c5fcb8f2ce50d0e7982a58640c5cfadacf0f850ea7e100729e3e0b4bc1ba64e7c47b50af20740c507c20481de101cf60bc49bc060dc45f2ef4db48b50c05b64b4f6339fae4a94ae239bd591a3415cc57c2895996079ef13bc574c3e3843b401ea38ba8304e905ffbf5a4b291bf8f9fe270f2e91d163db3dbdf49db75be08d3f73094c177188396d15e6c0fecf4fe9033f11991c79852ace18d6bdb7b33ffb543940207376941662690682edcb6dcb96816308f43e876bf402bde990c63f5391f53bb9671ba369c623115a21351d8996ee3ad27df2c5d65aa151b523676b04c45329c12b539499204f3a96385d9c5da19540bdb1024a4c21bbf941448cb99fb010f55a53abdbc39d6708
#TRUST-RSA-SHA256 1fa1929a934ac13df45604eceb2c852ee7b202723a5a9392615c781dce8c3c37eabf54e085459f4ca98184e269e89024810f5597ef76331a45616c2bde8d849d381a9175f871fd7a6cd51677612c09b1fc614f2258bd47007d6a14957692acea41b9196d608726ccd0ccade1f9954e9f594e99f46669eed74e201791b02ef027737726c1b6a2ebc7e693822a2f9df2d30036de84ecfe4508c32fb7e57dcaf8f66435f034105e0438f28f1a968936b67c38d2f5ee9de7999f8293ab878ceda26ccc1788ff56571d61035c5e23b56acfe412f12e5cfe0bc44bb32e8ec8287fd7ca0a5544da8493173274ccbdfed43005e15200e9a4f0d53f4c8b8df0a7fa39b3a3ce02bb1da279e7897c710b22239010ad6f14874d28e90257087efdd1a9fecf25b6904bee198f70134e31983e6ae356ab3d1eaef3709c07aff6e982c422b0f11abf68ebc18ae68ae75a3098d85ac55bbaee71cea695fdb104b6cb529b79c7a5ed89a6702e89262b55373ad502b2f453dc254d3dccf8d78dbbd16ea68d03e110f956d1d90564c33a59a4e282401271c2b38b37a685783cf71a44e633957b9703b0e465106e5b27e6b7aa4e893a81e56a80b6fca712eae8c4cb1a6ea86b43d1d2aed50ae1e5a8356d289871b125ec53f810ba59efaac9e5f76f237529cef6c41833bac5106824fa5954ca7b7ad4d3bc03b968aea48fbbb6e0e3ed9c43d684e44ed5
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(82767);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

  script_cve_id("CVE-2015-1639", "CVE-2015-1641");
  script_bugtraq_id(73991, 73995);
  script_xref(name:"MSFT", value:"MS15-033");
  script_xref(name:"IAVA", value:"2015-A-0090-S");
  script_xref(name:"MSKB", value:"3051737");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");

  script_name(english:"MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Mac OS X host has a version of Microsoft Word installed
that is affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists due to
    improper sanitization of HTML strings. A remote attacker
    can exploit this issue by convincing a user to open a
    file or visit a website containing specially crafted
    content, resulting in execution of arbitrary code in the
    context of the current user. (CVE-2015-1639)

  - A remote code execution vulnerability exists due to
    improper handling rich text format files in memory. A
    remote attacker can exploit this vulnerability by
    convincing a user to open a specially crafted file using
    the affected software, resulting in execution of
    arbitrary code in the context of the current user.
    (CVE-2015-1641)");
  script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/ms15-033");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a patch for Office for Mac 2011.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2011::mac");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_for_mac:2011");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:microsoft:outlook_for_mac_for_office_365");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");


enable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");

# Gather version info.
info = '';
installs = make_array();

prod = 'Office for Mac 2011';
plist = "/Applications/Microsoft Office 2011/Office/MicrosoftComponentPlugin.framework/Versions/14/Resources/Info.plist";
cmd =  'cat \'' + plist + '\' | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (version && version =~ "^[0-9]+\.")
{
  version = chomp(version);
  if (version !~ "^14\.") exit(1, "Failed to get the version for "+prod+" - '"+version+"'.");

  installs[prod] = version;

  ver = split(version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(ver); i++)
    ver[i] = int(ver[i]);

  fixed_version = '14.4.9';
  fix = split(fixed_version, sep:'.', keep:FALSE);
  for (i=0; i<max_index(fix); i++)
    fix[i] = int(fix[i]);

  for (i=0; i<max_index(fix); i++)
    if ((ver[i] < fix[i]))
    {
      info +=
        '\n  Product           : ' + prod +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fixed_version + '\n';
      break;
    }
    else if (ver[i] > fix[i])
      break;
}

# Report findings.
if (info)
{
  set_kb_item(name:"www/0/XSS", value:TRUE);
  if (report_verbosity > 0) security_hole(port:0, extra:info);
  else security_hole(0);

  exit(0);
}
else
{
  if (max_index(keys(installs)) == 0) exit(0, "Office for Mac 2011 is not installed.");
  else
  {
    msg = 'The host has ';
    foreach prod (sort(keys(installs)))
      msg += prod + ' ' + installs[prod] + ' and ';
    msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));

    msg += ' installed and thus is not affected.';

    exit(0, msg);
  }
}
VendorProductVersionCPE
microsoftoffice2011cpe:/a:microsoft:office:2011::mac
microsoftword_for_mac2011cpe:/a:microsoft:word_for_mac:2011
microsoftoutlook_for_mac_for_office_365x-cpe:/a:microsoft:outlook_for_mac_for_office_365

Related

openvas 5
mskb 1
nessus 2
symantec 2
cve 2
prion 2
checkpoint_advisories 1
securelist 2
attackerkb 1
threatpost 4
cisa_kev 1
myhack58 2
carbonblack 1
seebug 1
fireeye 2
securityvulns 1
ics 1
qualysblog 1
openvas
openvas
Microsoft Office Word Remote Code Execution Vulnerabilities (3048019) - Mac OS X
2015-04-15 00:00:00
Microsoft Office Web Apps Multiple Vulnerabilities (3048019)
2015-04-15 00:00:00
Microsoft SharePoint Server WAS Multiple Vulnerabilities (3048019)
2015-04-15 00:00:00
mskb
mskb
MS15-033: Vulnerabilities in Office could allow remote code execution: April 14, 2015
2015-04-14 00:00:00
nessus
nessus
MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
2015-04-14 00:00:00
MS15-033: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
2015-04-14 00:00:00
symantec
symantec
Microsoft Outlook App for Mac CVE-2015-1639 Cross Site Scripting Vulnerability
2015-04-14 00:00:00
Microsoft Office CVE-2015-1641 Memory Corruption Vulnerability
2015-04-14 00:00:00
cve
cve
CVE-2015-1639
2015-04-14 20:59:00
CVE-2015-1641
2015-04-14 20:59:00
prion
prion
Cross site scripting
2015-04-14 20:59:00
Memory corruption
2015-04-14 20:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS15-033: CVE-2015-1641)
2015-04-14 00:00:00
securelist
securelist
A simple example of a complex cyberattack
2017-09-25 12:23:47
Nigerian phishing: Industrial companies under attack
2017-06-15 09:00:04
attackerkb
attackerkb
CVE-2015-1641
2015-04-14 00:00:00
threatpost
threatpost
Nigerian BEC Scams Hit 500 Companies in 50 Countries
2017-06-15 14:28:19
April 2015 Microsoft Patch Tuesday Security Bulletins
2015-04-14 14:49:25
APT Threat Targets Tibetans, Journalists and Human Rights Workers
2016-04-19 07:00:14
cisa_kev
cisa_kev
Microsoft Office Memory Corruption Vulnerability
2021-11-03 00:00:00
myhack58
myhack58
Hand to hand teach you how to construct the office exploits EXP(fourth periodοΌ‰-bug warning-the black bar safety net
2016-12-03 00:00:00
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00
carbonblack
carbonblack
Threat Analysis: Pylot (Travle) Malware Family
2018-01-26 17:46:11
seebug
seebug
Microsoft Office ε†…ε­˜ζŸεζΌζ΄ž(CVE-2015-1641)
2015-12-31 00:00:00
fireeye
fireeye
How RTF malware evades static signature-based detection
2016-05-20 14:59:00
How RTF malware evades static signature-based detection
2016-05-20 14:59:00
securityvulns
securityvulns
Microsoft Office and Sharepoint multiple security vulnerabilities
2015-04-16 00:00:00
ics
ics
Top 10 Routinely Exploited Vulnerabilities
2020-05-12 12:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

9.3 High

AI Score

Confidence

High

JSON
Related for MACOSX_MS15-033_OFFICE_2011.NASL
openvas5mskb1nessus2symantec2cve2prion2checkpoint_advisories1securelist2attackerkb1threatpost4cisa_kev1myhack582carbonblack1seebug1fireeye2securityvulns1ics1qualysblog1