Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2023 Tenable Network Security, Inc.MACOSX_MS_06-028.NASL
HistoryJun 16, 2006 - 12:00 a.m.

MS06-028: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) (Mac OS X)

2006-06-1600:00:00
This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.
www.tenable.com
6

7.2 High

AI Score

Confidence

Low

JSON

The remote host is running a version of Microsoft PowerPoint that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with PowerPoint. A vulnerability in the font parsing handler would then result in code execution.

#TRUSTED 686a7707b9bf2e156ae2fc5f6c31a8d7205daf9f46798363d2c9c6b2eb4789d5a5cc7b0102af5b2333a6cea48c6d462893e196fc33198ece786d8fd8178782bf7a4bf9723aa00d9fc1189e6f36dcf86242011fbc4f12cbdae7b528e9077c45a1505384ea5ae884b614ecff50248939a1e23a7e61c90db00c5c4add19bc0d8c4a60174fdc150b8bf48614da39c923a5fd86f99c27762e92b3658a57e80b1666aad799ea9ac86564d2ded7bdb6e9956bc29838798df373ee7b1f2a8516280bec651c139bf04363fa8fdd2110fc73e9dfb90aabe985229cc472bc1000e9fc45cea7885336bfa50947f3322719dda66fc5948095c8b92983bfdd3bb33626022ba473b8699b4ed52a1f5481dd1f484bf53fcb4e8a960354a2e1362f3f69538f004a75c5aed79bf25ad8bb1dedf43fa47148266568c681d669ef0e4db7b1c20778b0d56d042e91f0ffa3a54b0e6c4663b1ce5e863383837e957c42c6f8cb9ab5cf574a723f7fe9684fdaef30d169977a58da9af2e32407fd924a05315e736783e6d28a707fde099792de0bdc434504595c489b46f34a41de080928487c1ff0677f89f7e3b99b5158de6865c91a30fc1f182dbcd94a473b947c1a2520347fcaddbc8f3665c04fa0004861328881d5154b8577f28915e98a62c2c273d13aba052cb0606ec6064f44dc02663a61a425670e6306f2684c4ff89f50f916e8ded7cc727a7faa
#TRUST-RSA-SHA256 3724b3a76bc604433134c0ac6e503ec47d4744aa94cf69978480a9bc658fe7fc3ab0e244a2e3e716f778094d9cecfd9791ccc6cd3273c4127d5bfe7c629f5a0dbe8cca00f52cd871175b8d63139ff21931391887bcea633058c0a0834d4dac75a1e5c7492ce3f97b6fed6d7334adf2ec73c123352778a646e1981969ecef3ac9c612492378e7ebe4218386a1cfea7b372d5d55234c90c630018b2366eab7fccc70d38b6a3f2a43ec343ccb9904c66801f57441a1c1961c7435946549b7ce11819259c4c1d468655f61bd81ffb272b8a9af5e01e6a56b5c48355b216342baedb4d22a95b3aed90b570d17b23ba97cb3e74c3de02a745d05a1df6fd0cd796735cff45c9f314a8ac366d455643b905b5f28e11e572d46bc280a49aaf7220e586caed1d02129e7627c2ad90551aab7bc19dddf42fe8653520955e5eab5e56e49050ac6081b17ba513439e005a5d7f980cf8758fde5141e40ed6bede788eba0d9f75e7cfd29652a9fd40c8394b53d59f5a14025ba9bebcbfe779de82fb9013d840aad1fd0243a49e07e3c83677f1dc82d4ac9fb8d5c9c9a989621a6ac5e01bf64e8c58c8642eeb4e57b45a375825e727f2f7380d11188c6b0b7d118fcb321794f327b69951eacf0e7dc68d491a385f7d407816708544d61e19e5ddd557cfbbc7c14b19dcdc1e9cd8a84a9bdfa18b9dd36b7df5249f4512c172486b82ee93964116e5a
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(21724);
 script_version("1.30");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

 script_cve_id("CVE-2006-0022");
 script_bugtraq_id (18382);
 script_xref(name:"MSFT", value:"MS06-028");
 script_xref(name:"MSKB", value:"916768");

 script_name(english:"MS06-028: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) (Mac OS X)");
 script_summary(english:"Check for PowerPoint 2004 and X");

 script_set_attribute(
  attribute:"synopsis",
  value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
 );
 script_set_attribute(
  attribute:"description",
  value:
"The remote host is running a version of Microsoft PowerPoint that may
allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with PowerPoint.  A
vulnerability in the font parsing handler would then result in code
execution."
 );
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-028");
 script_set_attribute(
  attribute:"solution",
  value:
"Microsoft has released a set of patches for PowerPoint X and 2004 for
Mac OS X."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-0022");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2001:sr1:mac_os");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");

 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  off2004 = GetCarbonVersionCmd(file:"Microsoft PowerPoint", path:"/Applications/Microsoft Office 2004");
  offX    = GetCarbonVersionCmd(file:"Microsoft PowerPoint", path:"/Applications/Microsoft Office X");

  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:off2004);
   if ( buf !~ "^11" )
    buf = ssh_cmd(cmd:offX);
   ssh_close_connection();
  }
  else
  {
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));
  if ( buf !~ "^11" )
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", offX));
  }


 if ( buf =~ "^(10\.|11\.)" )
	{
	  vers = split(buf, sep:'.', keep:FALSE);
	  # < 10.1.7
	  if ( int(vers[0]) == 10 && ( int(vers[1]) < 1  || ( int(vers[1]) == 1 && int(vers[2]) < 7 ) ) ) security_hole(0);
	  else
          # < 11.2.4
	  if ( int(vers[0]) == 11 && ( int(vers[1]) < 2  || ( int(vers[1]) == 2 && int(vers[2]) < 4 ) ) ) security_hole(0);
	}
}
VendorProductVersionCPE
microsoftoffice2001cpe:/a:microsoft:office:2001:sr1:mac_os
microsoftoffice2004cpe:/a:microsoft:office:2004::mac
microsoftofficecpe:/a:microsoft:office

Related

nessus 1
securityvulns 1
checkpoint_advisories 1
prion 1
cve 1
cert 1
nessus
nessus
MS06-028: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
2006-06-13 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-028
2006-06-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft PowerPoint Malformed Record Memory Corruption - Ver2 (CVE-2006-0022)
2014-04-16 00:00:00
prion
prion
Memory corruption
2006-06-13 19:06:00
cve
cve
CVE-2006-0022
2006-06-13 19:06:00
cert
cert
Microsoft PowerPoint malformed record vulnerability
2006-06-13 00:00:00

7.2 High

AI Score

Confidence

Low

JSON
Related for MACOSX_MS_06-028.NASL
nessus1securityvulns1checkpoint_advisories1prion1cve1cert1