Lucene search

HistoryJul 11, 2006 - 12:00 a.m.

MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)

2006-07-1100:00:00

www.tenable.com

6.7 Medium

AI Score

Confidence

Low

JSON

The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application.

#TRUSTED 41e87e90e220e65219f48e50900e25a73282e18ff06119af93340fff0e99b39433288948fb393d3b8e45de502f531ce07aee3b0fdfd91ba974f333aadb88833fb2c5662567a1b95645b78a3a4622cfe0d8ae7ae04168b2edc7a49075b0e02633977e2ae02210ad9a365adbd8bcd4b9b97e867f18c82b7546a00ca08ccd15823ab82062dd2bc4cfdf4c297d2f92c7db74a561882c8a4ffd2dac6446c6f37b1eda4387dbc446aa298c40a148b56b82c73af2fe79158522b6432520c703a7eab6b934d70e6fdeb8ea7d17eaec398982b5b03853f104a9835404245b54b1a5fe03445f4ff64c822b46200f2685c9a590ff8f0254741ec1699cfda6ccf1d3c4626850cf04d815b9afd56fc0db67d77b259a40b8fb9149df667039e3d5c1d18e05bd4d1198273e8c995adee8198ab5594ab28d980e1f52804764ca5e4c290d4f0d19df089f594cca77c4dd8ebec19e5ae269519684bc46281beeca3d8a6e9e06fb90190329a91f1a01cc0bd85a238f312a8b83845c9dc9c15414100d40798b08638a8227f4447c4c9dbf979d8646d926ad4c128257269af766a4e6d1e747e9c1664f7bfe3e14d2ac5a09c599cef41579207752e653998401dc83b08cdc0cbc1cf76593841fdb1b14ce102e5949e48e537df0eb590d9d084cdf2e1278c625e065835343c252464b70f62ca55ecb870640c4d15b75553774817f46762fd186f6198606fd
#TRUST-RSA-SHA256 66cddf96d3148083dc9aca6c6aeef94bc36a2d35d838722ed46aac17248be88d75dd61f0f7a53199d0416b00cd80ad1d4ae89be24e8f3c024aa3c8cf6373bfe9f32cbdd70add1875dc25b7773bdbf7217050402bd879d8f17fb5b659d63a459b32c8ec19330a01ec04d9d96d60310cb23eaae1ec46bd6ecaed8939cd68eede1682b5eea0df72c548161ee97c0ad1cf057d673c0cc5dcd16dd166f98c085eb19dfb76c862ec871456ff64cc99ab700795b4d6e8a1aa1a0b04ded9972ae8d2c7bddf970b092a7b64608ed925dcd1579c9cea92a5456b84c3a616d151280576fed4ea03fca3077ea2924392a674c44a7156abd06e16caba55004be82f3266149c569fed4133a3f545e9239ae4a6c175a3e6fc73e29b766e4bf7489f621cbabf665a81274ed3936488fc258e1cc1ed491427f84b5b189974f9a965d05e102ce8ac670d628372c97a2366690b95b3ccb53afafac14068d6f66f6c52b05a66a9fac8d305bb12b161704c8517d246a49736ec2e0535df6af71f68123816532d482497ac93b4bf9c8bfcfc091f631af3dc8d36b2cb1f50efc4ae4d817e1e0d22fb88c4bd31a6fc07fae52461c220fa6180a9d721ec1449fd2e11db954aeffde87b50f85f2a1912fb3edefe806de0321a20e75438c11212afc4aa54cf7848870b54d2c3628f84d11c1ecd8bdcf3f6b295ce608973edd41a41f8dadf9e6424ac81b4bca403
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(22025);
 script_version("1.33");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

 script_cve_id(
  "CVE-2006-1301",
  "CVE-2006-1302",
  "CVE-2006-1304",
  "CVE-2006-1306",
  "CVE-2006-1308",
  "CVE-2006-1309",
  "CVE-2006-2388",
  "CVE-2006-3059",
  "CVE-2006-1316",
  "CVE-2006-1318",
  "CVE-2006-1540",
  "CVE-2006-2389"
 );
 script_bugtraq_id(
  18422,
  18853,
  18885,
  18886,
  18888,
  18889,
  18890,
  18910,
  18911,
  18912,
  18938
 );
 script_xref(name:"MSFT", value:"MS06-037");
 script_xref(name:"MSFT", value:"MS06-038");
 script_xref(name:"MSKB", value:"917284");
 script_xref(name:"MSKB", value:"917285");

 script_name(english:"MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)");
 script_summary(english:"Check for Excel 2004 and X");

 script_set_attribute(
  attribute:"synopsis",
  value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
 );
 script_set_attribute(
  attribute:"description",
  value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with Microsoft Excel or
another Office application."
 );
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-037");
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-038");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-3059");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_cwe_id(94);

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/14");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/07/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2001:sr1:mac_os");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  off2004 = GetCarbonVersionCmd(file:"Microsoft Excel", path:"/Applications/Microsoft Office 2004");
  offX    = GetCarbonVersionCmd(file:"Microsoft Excel", path:"/Applications/Microsoft Office X");
  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:off2004);
   if ( buf !~ "^11" )
   buf = ssh_cmd(cmd:offX);
   ssh_close_connection();
  }
  else
  {
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));
  if ( buf !~ "^11" )
    buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", offX));
  }


 if ( buf =~ "^(10\.|11\.)" )
	{
	  vers = split(buf, sep:'.', keep:FALSE);
	  # < 10.1.7
	  if ( int(vers[0]) == 10 && ( int(vers[1]) < 1  || ( int(vers[1]) == 1 && int(vers[2]) < 7 ) ) ) security_warning(0);
	  else
          # < 11.2.5
	  if ( int(vers[0]) == 11 && ( int(vers[1]) < 2  || ( int(vers[1]) == 2 && int(vers[2]) < 5 ) ) ) security_warning(0);
	}
}

VendorProductVersionCPE
microsoftoffice2001cpe:/a:microsoft:office:2001:sr1:mac_os
microsoftoffice2004cpe:/a:microsoft:office:2004::mac

Vendor	Product	Version	CPE
microsoft	office	2001	cpe:/a:microsoft:office:2001:sr1:mac_os
microsoft	office	2004	cpe:/a:microsoft:office:2004::mac

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1301

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1302

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1304

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1306

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1308

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1309

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1318

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2388

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059

technet.microsoft.com/en-us/security/bulletin/ms06-037

technet.microsoft.com/en-us/security/bulletin/ms06-038

6.7 Medium

AI Score

Confidence

Low

JSON

Related for MACOSX_MS_06-037.NASL