Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_MS19_FEB_OFFICE.NASL
HistoryFeb 15, 2019 - 12:00 a.m.

Security Update for Microsoft Office (Feb 2019) (macOS)

2019-02-1500:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a vulnerability that allows remote attackers to bypass authentication to execute an arbitrary command through the protocol- compliant traffic.

#
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#


include("compat.inc");

if (description)
{
  script_id(122247);
  script_version("1.3");
  script_cvs_date("Date: 2019/10/31 15:18:51");

  script_cve_id("CVE-2019-0669");
  script_bugtraq_id(106897);

  script_name(english:"Security Update for Microsoft Office (Feb 2019) (macOS)");
  script_summary(english:"Checks the version of Microsoft Office.");

  script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Office application installed on the remote macOS
or Mac OS X host is missing a security update. It is, therefore,
affected by a vulnerability that allows remote attackers to bypass 
authentication to execute an arbitrary command through the protocol-
compliant traffic.");
  # https://docs.microsoft.com/en-us/officeupdates/release-notes-office-2016-mac#febuary-2019-release
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02575771");
  # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0669
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ef42b2d");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft Office for
Mac.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0669");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_for_mac");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:onenote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_office_installed.nbin");
  script_require_keys("Host/MacOSX/Version");
  script_require_ports("installed_sw/Microsoft Word", "installed_sw/Microsoft Excel", "installed_sw/Microsoft PowerPoint", "installed_sw/Microsoft OneNote", "installed_sw/Microsoft Outlook");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
include("vcf.inc");

get_kb_item_or_exit("Host/MacOSX/Version");

apps = make_list(
  "Microsoft Word",
  "Microsoft Excel",
  "Microsoft PowerPoint",
  "Microsoft OneNote",
  "Microsoft Outlook"
);

report = '';

#2016
min_ver_16 = '16';
fix_ver_16 = '16.16.7';
fix_disp_16 = '16.16.7 (19021001)';

#2019
min_ver_19 = '16.17.0';
fix_ver_19 = '16.22.0';
fix_disp_19 = '16.22.0 (19021100)';

os = get_kb_item_or_exit("Host/MacOSX/Version");

for(i = 0; i < len(apps); i++)
{
  app = apps[i];
  installs = get_installs(app_name:app);
  if (isnull(installs[1])) continue;

  for(j = 0; j < len(installs[1]); j++)
  {
    install = installs[1][j];
    version = install['version'];
    
    if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)
    {
      app_label = app + ' for Mac 2019';
      report +=
        '\n\n  Product           : ' + app_label +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix_disp_19;
    }
    else if (ver_compare(ver:version, minver:min_ver_16, fix:fix_ver_16, strict:FALSE) < 0)
    {
      app_label = app + ' for Mac 2016';
      report +=
        '\n\n  Product           : ' + app_label +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix_disp_16;
    }
  }
}
if (empty(report))
  audit(AUDIT_HOST_NOT, "affected");

if (os =~ "^Mac OS X 10\.[0-9](\.|$)")
  report += '\n  Note              : Update will require Mac OS X 10.10.0 or later.\n';

security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
VendorProductVersionCPE
applemac_os_xcpe:/o:apple:mac_os_x
microsoftofficecpe:/a:microsoft:office
microsoftexcel_for_maccpe:/a:microsoft:excel_for_mac
microsoftwordcpe:/a:microsoft:word
microsoftexcelcpe:/a:microsoft:excel
microsoftpowerpointcpe:/a:microsoft:powerpoint
microsoftoutlookcpe:/a:microsoft:outlook
microsoftonenotecpe:/a:microsoft:onenote

Related

prion 1
mskb 6
openvas 8
mscve 1
nessus 5
symantec 1
cve 1
checkpoint_advisories 1
kaspersky 1
prion
prion
Information disclosure
2019-03-05 23:29:00
mskb
mskb
Description of the security update for Excel 2010: February 12, 2019
2019-02-12 08:00:00
Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: February 12, 2019
2019-02-12 08:00:00
Description of the security update for Excel 2013: February 12, 2019
2019-02-12 08:00:00
openvas
openvas
Microsoft Office Compatibility Pack Service Pack 3 Security Feature Bypass Vulnerability (KB4461607)
2019-02-13 00:00:00
Microsoft Excel 2010 Service Pack 2 Security Feature Bypass Vulnerability (KB4462186)
2019-02-13 00:00:00
Microsoft Excel 2013 Service Pack 1 Information Disclosure Vulnerability (KB4461597)
2019-02-13 00:00:00
mscve
mscve
Microsoft Excel Information Disclosure Vulnerability
2019-02-12 08:00:00
nessus
nessus
Security Updates for Microsoft Excel Products (February 2019)
2019-02-12 00:00:00
Security Updates for Microsoft Excel Products C2R (February 2019)
2022-06-10 00:00:00
Security Updates for Microsoft Office Viewers And Compatibility Products (February 2019)
2019-02-19 00:00:00
symantec
symantec
Microsoft Excel CVE-2019-0669 Information Disclosure Vulnerability
2019-02-12 00:00:00
cve
cve
CVE-2019-0669
2019-03-05 23:29:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Information Disclosure (CVE-2019-0669)
2019-02-12 00:00:00
kaspersky
kaspersky
KLA11417 Multiple vulnerabilities in Microsoft Office
2019-02-12 00:00:00
JSON
Related for MACOS_MS19_FEB_OFFICE.NASL
prion1mskb6openvas8mscve1nessus5symantec1cve1checkpoint_advisories1kaspersky1