The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Word, Excel or another Office application.
#TRUSTED 288bc329029ec2cbd4bee74a23fd0526c866e98acf9b03087900659e8ad869cf579e5d2fe6fdb6838ba46af2c74a4ce6f5bb2dc877d35a8b95060cb3b25ef5c6ded97caad70d2c1ef8693a8281b9130800e96933916efeb53e0c941a18bf9ff5518c206f5986bbfac3d70540551dac8bac968af8f90a0d7cdce2576727d1efc91029beefb538c94b011bda85a6ec920ea3754cf8653a09bc53eb9e444ac4ce9a3fc14a09a51c9b93027ac9542263536d2a90eacc890fdb231a6b87a9ff817423c5a560cfc919fa88969540629c7c5714ecb284e3ea9c5f70e35db64077539e9360f77098c5461da3bf9706de5fabac144723b79517dfc29658898294ce67d57b0ebcbb25c7abac947797d4974d896bd35e17dcf198cc1b69e3273bbb0345f8793f7582fd1254966b0d2dd2814b2fbf1413e0b98d884ec7a55b467823ff4f62e8b5d59a4e736d8d34c0002a7ec4fbc4870e65f31c3c01cf4cdb9a74f4040cb8fd9a0ef2df3cae0e4d1052ac057023912528dad5dc24cd9808dabf66ca5602c0bb371bf5d0f1cd2554abc45f7566e7f4a17bc38c1ac2370cc1520b436750ffc0b7f0729b50871a2d0394db373aa731a9255540ce6c1c802c350e75d64df761fc166544d8a0b0c1ebc8bd6b78d448880dfc14f794d134897694fc8e21a310102cc92d0f013e751d84c38778552bd95c6f498f67c279a6c25ba0b7adabc3de2de8bb
#TRUST-RSA-SHA256 79a1f875afabc7d234ca7b676bd3c7c268095e0b67b716bddbf1ee6d12b3def2ae0a28431bdbe7ba399d3a7c8822c18d8023c4a063eb54afafeb0728058b75dba3fc31f6c5dfd9ef52d2258a7062269fc863d715c46c81166bf1d22b51b3cd66c75d2692e89b64a14e58a8cc06c52696838420ab6be9c2e8c804ff27b23b5e54ffe590d1e9cfa1faf9633dc24486d2ce6cb831b55b25b716571140f7a2c40b6d767800a23e8dee52a891aa65a44fea8956a36b4e003ee84c409198e424a5d573694ed9591b6aab0ed6199125346412b6d97cb7722995cd99dec3f38ba81b3c13500ebc24c8c781ec9b9354bef572db2f0611fa43fc14226a8e9ff8d690d6dff8eb264007dca9477f99a89fe8750644861d6439648a786254f63c9485c098055e4d8a4f0f68712710903957f9688dbd2783041ebc0f61b73f8085f89da38e552f8023eb5bcc70e2837bf91f3dee06b78bf0a7b6ae43ed4e1656ba3ac535cc7f32910e4655325a051abeb3ec18d146bb2c3c57a6f7be4ff3b282d55d0cab2fe59ba4673e57a23b21a79a34b734767a58d6ef84f2b867349d2c84a9b18301dedc617175f22a2cccf697c352f9a9492ac01e88e8e95df149a79399f4b01cebbfa94c6361ab2f784d8bf16d24b8b028c424642ab44b8eda25d71e49e79b1cdd736465135e46dd0fb10e80cab3c1ef83c2f08563db638242a8ec342e07495bbd9aa94d
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(25173);
script_version("1.33");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2007-0035",
"CVE-2007-0215",
# "CVE-2007-0870", Microsoft Office 2004 for Mac not impacted
"CVE-2007-1202",
"CVE-2007-1203",
"CVE-2007-1214",
"CVE-2007-1747"
);
script_bugtraq_id(23760, 23779, 23780, 23804, 23826, 23836);
script_xref(name:"MSFT", value:"MS07-023");
script_xref(name:"MSFT", value:"MS07-024");
script_xref(name:"MSFT", value:"MS07-025");
script_xref(name:"MSKB", value:"934232");
script_xref(name:"MSKB", value:"934233");
script_xref(name:"MSKB", value:"934873");
script_name(english:"MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)");
script_summary(english:"Check for Office 2004 and X");
script_set_attribute(
attribute:"synopsis",
value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have him open it with Microsoft Word, Excel or
another Office application."
);
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-023");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-024");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-025");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-1747");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(399);
script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
script_family(english:"MacOS X Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
off2004 = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");
if ( ! islocalhost() )
{
ret = ssh_open_connection();
if ( ! ret ) exit(0);
buf = ssh_cmd(cmd:off2004);
ssh_close_connection();
}
else
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));
if ( buf =~ "^11\." )
{
vers = split(buf, sep:'.', keep:FALSE);
if ( (int(vers[0]) == 11 && int(vers[1]) < 3) ||
(int(vers[0]) == 11 && int(vers[1]) == 3 && int(vers[2]) < 5 ) ) security_hole(0);
}
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1747
technet.microsoft.com/en-us/security/bulletin/ms07-023
technet.microsoft.com/en-us/security/bulletin/ms07-024
technet.microsoft.com/en-us/security/bulletin/ms07-025