MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)

2007-05-09T00:00:00
ID MACOSX_MS_OFFICE_MAY2007.NASL
Type nessus
Reporter Tenable
Modified 2018-07-14T00:00:00

Description

The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Word, Excel or another Office application.

                                        
                                            #TRUSTED 9b0160e692fa250dc2bb84b8fd390070eb263724fdcdf341f766a19ec3ae564ad7a1a85d179dddbebe8c92e41b9d6b89949fbeeb983fb1ca768ae2a5dcc05833c870cccc4059878fbd17df63875edcde323861a83ccb753fd94f799a7c110d5fa1ea4e2bb209cf37874b107149375d23e3a38f5ddaaf53b8a36e7d0c213f26f55ce2651f03f4eae5ae1a798155c6206bc5d9798b46a4a296ee67cb4672287cf56042903c159c18f313cb9d017bf6237f5a56bff6e5a7a899be25c8fdea2c53debaacc02cb13d0d313d0d768e7ac0b0d74d999736fba0b93915cb4c611183458d5928da30a219a8720283f9786dabd7a6143e28ebe0d9265167545970fc40610289e6dfec4f3bca0ee0da8160bf1209aa071e2aa76c23d453ac2a76ddc773ecc38d118acb303e39ed74360f87b178a843107d06ea8b6d2c11056f3c1eca313116d7f2c7381b6fb4d6e8f1bbe18fd962ae3de206ef5af89c3fb89be3fcf07179c77680286c476d6c2a293a3994178e3756708189c79f25db27643facd9d781c602d848918fe0de0b91779d6ef15275fcd2b30890f0445df13e0ad7129d0d283d009e09121cd14efefcdbe4f5160dfb1b4e8dec3d395e078c09d7903d9f27ddad5a7d98471bbfed9881f405754133d475ce9cde63c1d41bf933ab44e5ad8059e8207e07dda2cf3e3f83edf3726052aa2803b0e16097687d1a2bab54fbdc966c6477
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25173);
 script_version("1.29");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14");

 script_cve_id(
  "CVE-2007-0035",
  "CVE-2007-0215",
  # "CVE-2007-0870",    Microsoft Office 2004 for Mac not impacted
  "CVE-2007-1202",
  "CVE-2007-1203",
  "CVE-2007-1214",
  "CVE-2007-1747"
 );
 script_bugtraq_id(23760, 23779, 23780, 23804, 23826, 23836);
 script_xref(name:"MSFT", value:"MS07-023");
 script_xref(name:"MSFT", value:"MS07-024");
 script_xref(name:"MSFT", value:"MS07-025");
 script_xref(name:"MSKB", value:"934232");
 script_xref(name:"MSKB", value:"934233");
 script_xref(name:"MSKB", value:"934873");

 script_name(english:"MS07-023 / MS07-024 / MS07-025: Vulnerabilities in Microsoft Office Allow Remote Code Execution (934233 / 934232 / 934873) (Mac OS X)");
 script_summary(english:"Check for Office 2004 and X");

 script_set_attribute(
  attribute:"synopsis",
  value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
 );
 script_set_attribute(
  attribute:"description",
  value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have him open it with Microsoft Word, Excel or
another Office application."
 );
 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-023");

 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-024");

 script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms07-025");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(399);

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/05/08");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/09");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"MacOS X Local Security Checks");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
  off2004 = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");

  if ( ! islocalhost() )
  {
   ret = ssh_open_connection();
   if ( ! ret ) exit(0);
   buf = ssh_cmd(cmd:off2004);
   ssh_close_connection();
  }
  else
  buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));


 if ( buf =~ "^11\." )
	{
	  vers = split(buf, sep:'.', keep:FALSE);
	  if ( (int(vers[0]) == 11 && int(vers[1]) < 3)  ||
               (int(vers[0]) == 11 && int(vers[1]) == 3 && int(vers[2]) < 5 ) ) security_hole(0);
	}
}