The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application.
#TRUSTED 41e87e90e220e65219f48e50900e25a73282e18ff06119af93340fff0e99b39433288948fb393d3b8e45de502f531ce07aee3b0fdfd91ba974f333aadb88833fb2c5662567a1b95645b78a3a4622cfe0d8ae7ae04168b2edc7a49075b0e02633977e2ae02210ad9a365adbd8bcd4b9b97e867f18c82b7546a00ca08ccd15823ab82062dd2bc4cfdf4c297d2f92c7db74a561882c8a4ffd2dac6446c6f37b1eda4387dbc446aa298c40a148b56b82c73af2fe79158522b6432520c703a7eab6b934d70e6fdeb8ea7d17eaec398982b5b03853f104a9835404245b54b1a5fe03445f4ff64c822b46200f2685c9a590ff8f0254741ec1699cfda6ccf1d3c4626850cf04d815b9afd56fc0db67d77b259a40b8fb9149df667039e3d5c1d18e05bd4d1198273e8c995adee8198ab5594ab28d980e1f52804764ca5e4c290d4f0d19df089f594cca77c4dd8ebec19e5ae269519684bc46281beeca3d8a6e9e06fb90190329a91f1a01cc0bd85a238f312a8b83845c9dc9c15414100d40798b08638a8227f4447c4c9dbf979d8646d926ad4c128257269af766a4e6d1e747e9c1664f7bfe3e14d2ac5a09c599cef41579207752e653998401dc83b08cdc0cbc1cf76593841fdb1b14ce102e5949e48e537df0eb590d9d084cdf2e1278c625e065835343c252464b70f62ca55ecb870640c4d15b75553774817f46762fd186f6198606fd
#TRUST-RSA-SHA256 66cddf96d3148083dc9aca6c6aeef94bc36a2d35d838722ed46aac17248be88d75dd61f0f7a53199d0416b00cd80ad1d4ae89be24e8f3c024aa3c8cf6373bfe9f32cbdd70add1875dc25b7773bdbf7217050402bd879d8f17fb5b659d63a459b32c8ec19330a01ec04d9d96d60310cb23eaae1ec46bd6ecaed8939cd68eede1682b5eea0df72c548161ee97c0ad1cf057d673c0cc5dcd16dd166f98c085eb19dfb76c862ec871456ff64cc99ab700795b4d6e8a1aa1a0b04ded9972ae8d2c7bddf970b092a7b64608ed925dcd1579c9cea92a5456b84c3a616d151280576fed4ea03fca3077ea2924392a674c44a7156abd06e16caba55004be82f3266149c569fed4133a3f545e9239ae4a6c175a3e6fc73e29b766e4bf7489f621cbabf665a81274ed3936488fc258e1cc1ed491427f84b5b189974f9a965d05e102ce8ac670d628372c97a2366690b95b3ccb53afafac14068d6f66f6c52b05a66a9fac8d305bb12b161704c8517d246a49736ec2e0535df6af71f68123816532d482497ac93b4bf9c8bfcfc091f631af3dc8d36b2cb1f50efc4ae4d817e1e0d22fb88c4bd31a6fc07fae52461c220fa6180a9d721ec1449fd2e11db954aeffde87b50f85f2a1912fb3edefe806de0321a20e75438c11212afc4aa54cf7848870b54d2c3628f84d11c1ecd8bdcf3f6b295ce608973edd41a41f8dadf9e6424ac81b4bca403
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(22025);
script_version("1.33");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2006-1301",
"CVE-2006-1302",
"CVE-2006-1304",
"CVE-2006-1306",
"CVE-2006-1308",
"CVE-2006-1309",
"CVE-2006-2388",
"CVE-2006-3059",
"CVE-2006-1316",
"CVE-2006-1318",
"CVE-2006-1540",
"CVE-2006-2389"
);
script_bugtraq_id(
18422,
18853,
18885,
18886,
18888,
18889,
18890,
18910,
18911,
18912,
18938
);
script_xref(name:"MSFT", value:"MS06-037");
script_xref(name:"MSFT", value:"MS06-038");
script_xref(name:"MSKB", value:"917284");
script_xref(name:"MSKB", value:"917285");
script_name(english:"MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)");
script_summary(english:"Check for Excel 2004 and X");
script_set_attribute(
attribute:"synopsis",
value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with Microsoft Excel or
another Office application."
);
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-037");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-038");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-3059");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(94);
script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/14");
script_set_attribute(attribute:"patch_publication_date", value:"2006/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2001:sr1:mac_os");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
script_family(english:"MacOS X Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
off2004 = GetCarbonVersionCmd(file:"Microsoft Excel", path:"/Applications/Microsoft Office 2004");
offX = GetCarbonVersionCmd(file:"Microsoft Excel", path:"/Applications/Microsoft Office X");
if ( ! islocalhost() )
{
ret = ssh_open_connection();
if ( ! ret ) exit(0);
buf = ssh_cmd(cmd:off2004);
if ( buf !~ "^11" )
buf = ssh_cmd(cmd:offX);
ssh_close_connection();
}
else
{
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));
if ( buf !~ "^11" )
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", offX));
}
if ( buf =~ "^(10\.|11\.)" )
{
vers = split(buf, sep:'.', keep:FALSE);
# < 10.1.7
if ( int(vers[0]) == 10 && ( int(vers[1]) < 1 || ( int(vers[1]) == 1 && int(vers[2]) < 7 ) ) ) security_warning(0);
else
# < 11.2.5
if ( int(vers[0]) == 11 && ( int(vers[1]) < 2 || ( int(vers[1]) == 2 && int(vers[2]) < 5 ) ) ) security_warning(0);
}
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059
technet.microsoft.com/en-us/security/bulletin/ms06-037
technet.microsoft.com/en-us/security/bulletin/ms06-038