Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_MS21_JUL_OFFICE.NASLHistoryJul 13, 2021 - 12:00 a.m.
Security Updates for Microsoft Office (July 2021) (macOS)
2021-07-1300:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
8.1 High
AI Score
Confidence
High
The Microsoft Office product installed on the remote host is missing security updates. It is, therefore, affected by a remote code execution vulnerability.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151610);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/29");
script_cve_id("CVE-2021-34501");
script_xref(name:"IAVA", value:"2021-A-0316-S");
script_xref(name:"IAVA", value:"2021-A-0314-S");
script_name(english:"Security Updates for Microsoft Office (July 2021) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Office product installed on the remote host is affected by a remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The Microsoft Office product installed on the remote host is missing security updates. It is, therefore, affected by
a remote code execution vulnerability.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#july-13-2021
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75fedd49");
# https://docs.microsoft.com/en-us/officeupdates/update-history-office-for-mac
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?43ed1b90");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft Office for Mac.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-34501");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_office_installed.nbin");
script_require_keys("Host/MacOSX/Version", "installed_sw/Microsoft Excel");
exit(0);
}
include('vcf.inc');
var os = get_kb_item_or_exit('Host/MacOSX/Version');
var apps = make_list('Microsoft Excel');
var report = '';
#2019
var min_ver_19 = '16.17.0';
var fix_ver_19 = '16.51';
var fix_disp_19 = '16.51 (21071101)';
foreach var app (apps)
{
var installs = get_installs(app_name:app);
if (isnull(installs[1]))
continue;
foreach var install (installs[1])
{
var version = install['version'];
if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)
{
var app_label = app + ' for Mac 2019';
report +=
'\n\n Product : ' + app_label +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix_disp_19;
}
}
}
if (empty(report))
audit(AUDIT_HOST_NOT, 'affected');
if (os =~ "^Mac OS X 10\.([0-9]([^0-9]|$)|1[0-3])")
report += '\n Note : Update will require Mac OS X 10.14.0 or later.\n';
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
Related
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2021-07-13 07:00:00
cve
cve
CVE-2021-34501
2021-07-14 18:15:00
openvas
openvas
Microsoft Office Remote Code Execution Vulnerability (Jul 2021) - Mac OS X
2021-07-14 00:00:00
Microsoft Excel 2016 RCE Vulnerabilities (KB5001977)
2021-07-14 00:00:00
Microsoft Excel 2013 Service Pack 1 RCE Vulnerability (KB5001993)
2021-07-14 00:00:00
zdi
zdi
prion
prion
Remote code execution
2021-07-14 18:15:00
cnvd
cnvd
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2021-54413)
2021-07-19 00:00:00
nessus
nessus
Security Updates for Microsoft Excel Products (July 2021)
2021-07-13 00:00:00
Security Updates for Microsoft Excel Products C2R (July 2021)
2022-06-10 00:00:00
Security Updates for Microsoft Office Web Apps (July 2021)
2021-07-13 00:00:00
mskb
mskb
kaspersky
kaspersky
KLA12220 Multiple vulnerabilities in Microsoft Office
2021-07-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2021
2021-07-13 20:56:26