MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)

#TRUSTED 288bc329029ec2cbd4bee74a23fd0526c866e98acf9b03087900659e8ad869cf579e5d2fe6fdb6838ba46af2c74a4ce6f5bb2dc877d35a8b95060cb3b25ef5c6ded97caad70d2c1ef8693a8281b9130800e96933916efeb53e0c941a18bf9ff5518c206f5986bbfac3d70540551dac8bac968af8f90a0d7cdce2576727d1efc91029beefb538c94b011bda85a6ec920ea3754cf8653a09bc53eb9e444ac4ce9a3fc14a09a51c9b93027ac9542263536d2a90eacc890fdb231a6b87a9ff817423c5a560cfc919fa88969540629c7c5714ecb284e3ea9c5f70e35db64077539e9360f77098c5461da3bf9706de5fabac144723b79517dfc29658898294ce67d57b0ebcbb25c7abac947797d4974d896bd35e17dcf198cc1b69e3273bbb0345f8793f7582fd1254966b0d2dd2814b2fbf1413e0b98d884ec7a55b467823ff4f62e8b5d59a4e736d8d34c0002a7ec4fbc4870e65f31c3c01cf4cdb9a74f4040cb8fd9a0ef2df3cae0e4d1052ac057023912528dad5dc24cd9808dabf66ca5602c0bb371bf5d0f1cd2554abc45f7566e7f4a17bc38c1ac2370cc1520b436750ffc0b7f0729b50871a2d0394db373aa731a9255540ce6c1c802c350e75d64df761fc166544d8a0b0c1ebc8bd6b78d448880dfc14f794d134897694fc8e21a310102cc92d0f013e751d84c38778552bd95c6f498f67c279a6c25ba0b7adabc3de2de8bb
#TRUST-RSA-SHA256 79a1f875afabc7d234ca7b676bd3c7c268095e0b67b716bddbf1ee6d12b3def2ae0a28431bdbe7ba399d3a7c8822c18d8023c4a063eb54afafeb0728058b75dba3fc31f6c5dfd9ef52d2258a7062269fc863d715c46c81166bf1d22b51b3cd66c75d2692e89b64a14e58a8cc06c52696838420ab6be9c2e8c804ff27b23b5e54ffe590d1e9cfa1faf9633dc24486d2ce6cb831b55b25b716571140f7a2c40b6d767800a23e8dee52a891aa65a44fea8956a36b4e003ee84c409198e424a5d573694ed9591b6aab0ed6199125346412b6d97cb7722995cd99dec3f38ba81b3c13500ebc24c8c781ec9b9354bef572db2f0611fa43fc14226a8e9ff8d690d6dff8eb264007dca9477f99a89fe8750644861d6439648a786254f63c9485c098055e4d8a4f0f68712710903957f9688dbd2783041ebc0f61b73f8085f89da38e552f8023eb5bcc70e2837bf91f3dee06b78bf0a7b6ae43ed4e1656ba3ac535cc7f32910e4655325a051abeb3ec18d146bb2c3c57a6f7be4ff3b282d55d0cab2fe59ba4673e57a23b21a79a34b734767a58d6ef84f2b867349d2c84a9b18301dedc617175f22a2cccf697c352f9a9492ac01e88e8e95df149a79399f4b01cebbfa94c6361ab2f784d8bf16d24b8b028c424642ab44b8eda25d71e49e79b1cdd736465135e46dd0fb10e80cab3c1ef83c2f08563db638242a8ec342e07495bbd9aa94d
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25173);
 script_version("1.33");
 script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");

 script_cve_id(
  "CVE-2007-0035",
  "CVE-2007-0215",
  # "CVE-2007-0870",    Microsoft Office 2004 for Mac not impacted
  "CVE-2007-1202",
  "CVE-2007-1203",
  "CVE-2007-1214",
  "CVE-2007-1747"
 );
 script_bugtraq_id(23760, 23779, 23780, 23804, 23826, 23836);
 script_xref(name:"MSFT", value:"MS07-023");
 script_xref(name:"MSFT", value:"MS07-024");
 script_xref(name:"MSFT", value:"MS07-025");
 script_xref(name:"MSKB", value:"934232");
 script_xref(name:"MSKB", value:"934233");
 script_xref(name:"MSKB", value:"934873");

 script_name(english:"MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)");
 script_summary(english:"Check for Office 2004 and X");

 script_set_attribute(
  attribute:"synopsis",
  value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
 );
 script_set_attribute(
  attribute:"description",
  value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have him open it with Microsoft Word, Excel or
another Office application."
 );
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-023");

 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-024");

 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-025");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-1747");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(399);

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/09");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



enable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  off2004 = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");

  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:off2004);
   ssh_close_connection();
  }
  else
  buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));


 if ( buf =~ "^11\." )
	{
	  vers = split(buf, sep:'.', keep:FALSE);
	  if ( (int(vers[0]) == 11 && int(vers[1]) < 3)  ||
               (int(vers[0]) == 11 && int(vers[1]) == 3 && int(vers[2]) < 5 ) ) security_hole(0);
	}
}