The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Word, Excel, PowerPoint or another Office application.
#TRUSTED 1816673e5bf1ae10b437bccec4783053d1d45107a1b975a347c46547f4cdf0a0d0f54b1c60143d96e7c64bd1a65613507874378df66601133eed8e611659eb08178617b67d50635e0d5dd4b4d969f3cfaaec01a6385ec0cf3a062d6a1dbe4f3637f795c8ed40b63da94b114f51b2417a77e6184c64083b9a1f23f6f709e2124f90d2c079a1439acaf0e5bb48bcb5c68f9f03a1a0faaf5ff971e50c07d78d6b2595ad21b58eb03663da31078b81eaf06fdefa962fba6e7b97dddd34bf2cbc688f62baebb6c5f72f1fdcbd1a7bad31202e0cc1881f084682fc8f5ba0d9dc0363d613da7cf46cc180b68cdc57701879a224467f4c4623aaaddb0d47f664e0a39c8eb4d5d296f075dca8c4c33e5109567583950d130d4b6f9f6cb7cb118de93730f6d4657b5e7f2410942a1e81a8426de46600d81b13f1543ddfb58055249d420cc9edec91ac84e0c59759570add3ddc293e56522dc3b6a01a94fd01ea2d9d9388816da078f084f9682b1cfcdfe32970ecb231b343e2ca861ec26d4b2499fe8e5fddb2762f9ab4e34d150c1f3c9ab8978bd34f26ea882f1dd005d90ae46e583ec7b783d1b8e64daea5d0263a064e50e98676cdcebc2d9f628b7136798bb690f338e71d3d1e55384093fd39bc9f56ea0535ebcdc4b3d6296b69c65a332ea6e6dead39da89e8cb34925965a86d63f7e2ce0fcbd2718509166d05e7730d0c53c0107f70
#TRUST-RSA-SHA256 85b5ad54d5f4398cd0521f0a73dc11810b40f4de7d568a373c07ed85a3cf906d272bb4919c9f9835567321b3137d9ae5301db9cb8ba7c543bad6615b4daa00cbd27fd35f90c3738a6a11d2df78870178e7f61f1a71e4de454fc2430c1370cbe22b02385df73f7990f84571c872924fa0ea35b421b7334dd93d50b7324e24c94845839110fec196b2337505d968491b1ca373586a6a7d692d699600ac289cdb060dc94c298fa420c097595e75dadf92a70ba2fe7b503ab3519aa5416a604797a4ec18d01378ba0dd94b9ae1778c3a371c215a57ed5154a5305c6d4f77b8cd8ad54c63c1a66d69298430a1a5fb3155c9fa9e634f67b8bd9f5e95fcada5241c1dc0860888e6e966e688a879c536e09e2081a1c66fb873e151ea3bb5f0dd1a8b62479b28d901db57bbb48ba277a8dc8039cfe2c368e9326e103d7c70ac9a62281699fb3f8e4dc1c3b1dde8385ad4f633dd3e3475a23acc12bcb120dc3d49e50aaeca1ea0be4ec5fa2ecd92a90f082733a43fa84d81f3dac0b4710d35dfba17ff509634faaa44bde7e746f33fe4fa63cb221fc3a4e968cfdf035fa2098d18bdc2153905378bab95ab6ef09deddf0eb89fff3ae5d0133d17f0746fe53f1c92da97ec91a13039e22e470c61ff062474e0f7309ddddf6ecda3cb16b883cbffef2e8b3590a10909076ec1424827e02bc2a3c49c6e940ca85d9634ee738643502ce9d77c24
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(22539);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
# "CVE-2006-3435",
"CVE-2006-3876",
"CVE-2006-3877",
"CVE-2006-4694",
"CVE-2006-2387",
"CVE-2006-3431",
"CVE-2006-3867",
"CVE-2006-3875",
"CVE-2006-3647",
# "CVE-2006-3651",
# "CVE-2006-4534",
"CVE-2006-4693",
"CVE-2006-3434",
"CVE-2006-3650",
"CVE-2006-3864"
# "CVE-2006-3868"
);
script_bugtraq_id(
18872,
20226,
20322,
20325,
20341,
20344,
20345,
20382,
20383,
20384,
20391
);
script_xref(name:"MSFT", value:"MS06-058");
script_xref(name:"MSFT", value:"MS06-059");
script_xref(name:"MSFT", value:"MS06-060");
script_xref(name:"MSFT", value:"MS06-062");
script_xref(name:"MSKB", value:"924163");
script_xref(name:"MSKB", value:"924164");
script_xref(name:"MSKB", value:"924554");
script_xref(name:"MSKB", value:"922581");
script_name(english:"MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)");
script_summary(english:"Check for Office 2004 and X");
script_set_attribute(
attribute:"synopsis",
value:
"An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is running a version of Microsoft Office that is
affected by various flaws that may allow arbitrary code to be run.
To succeed, the attacker would have to send a rogue file to a user of
the remote computer and have it open it with Microsoft Word, Excel,
PowerPoint or another Office application."
);
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-058");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-059");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-060");
script_set_attribute(attribute:"see_also", value:"http://technet.microsoft.com/en-us/security/bulletin/ms06-062");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Office for Mac OS X.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-4694");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(94);
script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/03");
script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2001:sr1:mac_os");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office:2004::mac");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2023 Tenable Network Security, Inc.");
script_family(english:"MacOS X Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/MacOSX/packages");
exit(0);
}
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
enable_ssh_wrappers();
uname = get_kb_item("Host/uname");
if ( egrep(pattern:"Darwin.*", string:uname) )
{
off2004 = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office 2004/Office");
offX = GetCarbonVersionCmd(file:"Microsoft Component Plugin", path:"/Applications/Microsoft Office X/Office");
if ( ! islocalhost() )
{
ret = ssh_open_connection();
if ( ! ret ) exit(0);
buf = ssh_cmd(cmd:off2004);
if ( buf !~ "^11" ) buf = ssh_cmd(cmd:offX);
ssh_close_connection();
}
else
{
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", off2004));
if ( buf !~ "^11" )
buf = pread_wrapper(cmd:"/bin/bash", argv:make_list("bash", "-c", offX));
}
if ( buf =~ "^(10\.|11\.)" )
{
vers = split(buf, sep:'.', keep:FALSE);
# < 10.1.8
if ( int(vers[0]) == 10 && ( int(vers[1]) < 1 || ( int(vers[1]) == 1 && int(vers[2]) < 8 ) ) ) security_hole(0);
else
# < 11.3.0
if ( int(vers[0]) == 11 && int(vers[1]) < 3 ) security_hole(0);
}
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4694
technet.microsoft.com/en-us/security/bulletin/ms06-058
technet.microsoft.com/en-us/security/bulletin/ms06-059
technet.microsoft.com/en-us/security/bulletin/ms06-060
technet.microsoft.com/en-us/security/bulletin/ms06-062