MS07-014 / MS07-015: Vulnerabilities in Microsoft Word and Office Could Allow Remote Code Execution (929434 / 932554) (Mac OS X)

2007-02-13T00:00:00
ID MACOSX_MS_OFFICE_FEB2006.NASL
Type nessus
Reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
Modified 2007-02-13T00:00:00

Description

The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Word or another Office application.

                                        
                                            #TRUSTED 24a2cbf620ab560005de5fb3065b20b62b4c0a7b3a1d6e7f8f48a80319b0eea52468a5e6ab3dab2e8d92ed33a13835202c771e0bfc8f43f9be1ccd3964eb8e6bdd4e90ec8cf7aa990dc1eb5c3664209a70afc4af6d51e3e6e32a42c7f3e7f305b7a938be61bbebdd729fa51e0391d73443edb6a9df53244c9bbf96d7c3101a2f53f7decc0e5fd284b5b4d338cebb8e1cf137a1550b4036626764200d385629a9da888f1d5bb27c64a02d9c2c9281a7ecc4a062c3e3ff9c298cbb31b2851638860712357f68b6b6004ffd474f6de2385f874a30f8e5c6f64a7216e2e5b3385c8508cd8cf5dfda9b96e126ae954b7067615ae088dfd76d2485c11b29a15a64a67ff52dcfdc720a47521db1f3cb4683e71cdf6a06d255db5502d2c01b0b04ffcca5a279acc8e7dabc255c4fca86fc3a034914026e82c205b16dd33206038fc35efa3361726d3c29c8296b63795ce1a20d63a2f6fb265ab57709270107b7e7bda421d2ed37912739381687b52861e1f371995087ecb49bf1a8ca99ab4a4238fc643fe0388990d72722813309abe608d0a079d482a3f33f8428dbc5de60265c246a46c13bb30182e9baf3519d4596a7096ecf42877747e40ae3b70c0536a8aa7687394f21bc4190d22d618cd99c6ed54886b549f652f046a64537257a21809e5bb08ca7ab9a358121f9c326199a871f76e5af01512f8026da75e6868243d4cb246a69
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(24328);
 script_version("1.25");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

 script_cve_id(
  "CVE-2006-3877",
  "CVE-2006-5994",
  "CVE-2006-6456",
  "CVE-2006-6561",
  "CVE-2007-0208",
  "CVE-2007-0209",
  "CVE-2007-0515",
  "CVE-2007-0671"
 );
 script_bugtraq_id(20325, 21451, 21518, 21589, 22225, 22383, 22477, 22482);
 script_xref(name:"MSFT", value:"MS07-014");
 script_xref(name:"MSFT", value:"MS07-015");
 script_xref(name:"MSKB", value:"929434");
 script_xref(name:"MSKB", value:"932554");

 script_name(english:"MS07-014 / MS07-015: Vulnerabilities in Microsoft Word and Office Could Allow Remote Code Execution (929434 / 932554) (Mac OS X)");
 script_summary(english:"Checks version of Word 2004");

 script_set_attribute(
  attribute:"synopsis",
  value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
 );
 script_set_attribute(
  attribute:"description",
  value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with Microsoft Word or another
Office application."
 );
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-014");
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-015");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_cwe_id(94);

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/10");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/02/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  off2004 = GetCarbonVersionCmd(file:"Microsoft Word", path:"/Applications/Microsoft Office 2004");
  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:off2004);
   ssh_close_connection();
  }
  else
  buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));


 if ( buf =~ "^11\." )
	{
	  vers = split(buf, sep:'.', keep:FALSE);
          # < 11.3.4
	  if ( int(vers[0]) == 11 && ( int(vers[1]) < 3  || ( int(vers[1]) == 3 && int(vers[2]) < 4 ) ) ) security_hole(0);
	}
}