CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
87.4%
The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by remote code execution vulnerabilities in the Microsoft Word software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary commands.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include('compat.inc');
if (description)
{
script_id(125953);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2019-1034", "CVE-2019-1035");
script_xref(name:"CEA-ID", value:"CEA-2019-0430");
script_name(english:"Security Update for Microsoft Office (June 2019) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote macOS or Mac OS X host is affected by remote code execution vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is,
therefore, affected by remote code execution vulnerabilities in the Microsoft Word software due to improper handling of
objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially
crafted file, to execute arbitrary commands.");
# https://docs.microsoft.com/en-us/officeupdates/release-notes-office-2016-mac#june-2019-release
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad3546bb");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft Office for Mac.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1035");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:onenote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_office_installed.nbin");
script_require_keys("Host/MacOSX/Version");
script_require_ports("installed_sw/Microsoft Word", "installed_sw/Microsoft Excel", "installed_sw/Microsoft PowerPoint", "installed_sw/Microsoft OneNote", "installed_sw/Microsoft Outlook");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('install_func.inc');
include('vcf.inc');
os = get_kb_item_or_exit('Host/MacOSX/Version');
apps = make_list(
'Microsoft Word',
'Microsoft Excel',
'Microsoft PowerPoint',
'Microsoft OneNote',
'Microsoft Outlook'
);
report = '';
#2016
min_ver_16 = '16';
fix_ver_16 = '16.16.11';
fix_disp_16 = '16.16.11 (19060902)';
#2019
min_ver_19 = '16.17.0';
fix_ver_19 = '16.26';
fix_disp_19 = '16.26 (19060901)';
foreach app (apps)
{
installs = get_installs(app_name:app);
if (isnull(installs[1]))
continue;
foreach install (installs[1])
{
version = install['version'];
if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)
{
app_label = app + ' for Mac 2019';
report +=
'\n\n Product : ' + app_label +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix_disp_19;
}
else if (ver_compare(ver:version, minver:min_ver_16, fix:fix_ver_16, strict:FALSE) < 0)
{
app_label = app + ' for Mac 2016';
report +=
'\n\n Product : ' + app_label +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix_disp_16;
}
}
}
if (empty(report))
audit(AUDIT_HOST_NOT, 'affected');
if (os =~ "^Mac OS X 10\.[0-9](\.|$)")
report += '\n Note : Update will require Mac OS X 10.10.0 or later.\n';
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
87.4%