Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_MS23_DEC_OFFICE.NASLHistoryDec 12, 2023 - 12:00 a.m.
Security Updates for Microsoft Office Products (Dec 2023) (macOS)
2023-12-1200:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
microsoft office
mac
dec 2023
information disclosure
spoofing
vulnerabilities
security updates
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.8%
The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the december-12-2023 advisory.
-
Microsoft Word Information Disclosure Vulnerability (CVE-2023-36009)
-
Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2023-35619)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(186806);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/12");
script_cve_id("CVE-2023-35619", "CVE-2023-36009");
script_xref(name:"IAVA", value:"2023-A-0686-S");
script_name(english:"Security Updates for Microsoft Office Products (Dec 2023) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Office product installed on the remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as
referenced in the december-12-2023 advisory.
- Microsoft Word Information Disclosure Vulnerability (CVE-2023-36009)
- Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2023-35619)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#december-12-2023
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a5ec2923");
script_set_attribute(attribute:"solution", value:
"Update to Office for Mac version 16.80 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-35619");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-36009");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"patch_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_office_installed.nbin");
script_require_keys("Host/MacOSX/Version");
script_require_ports("installed_sw/Microsoft Outlook", "installed_sw/Microsoft Word");
exit(0);
}
include('vcf_extras_office.inc');
var apps = make_list(
'Microsoft Outlook',
'Microsoft Word'
);
var app_info = vcf::microsoft::office_for_mac::get_app_info(apps:apps);
var constraints = [
{ 'fixed_version' : '16.80', 'fixed_display' : 'Version 16.80 (Build 23121017)' }
];
vcf::microsoft::office_for_mac::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
Related
openvas
openvas
Microsoft Office for Mac Multiple Vulnerabilities (Dec 2023) - Mac OS X
2023-12-13 00:00:00
Microsoft Word 2016 Information Disclosure Vulnerability (KB5002520)
2023-12-13 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2023)
2023-12-13 00:00:00
kaspersky
kaspersky
KLA62391 Multiple vulnerabilities in Microsoft Office
2023-12-12 00:00:00
nvd
nvd
CVE-2023-35619
2023-12-12 18:15:16
CVE-2023-36009
2023-12-12 18:15:21
cve
cve
CVE-2023-36009
2023-12-12 18:15:21
CVE-2023-35619
2023-12-12 18:15:16
cvelist
cvelist
CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability
2023-12-12 18:10:56
CVE-2023-36009 Microsoft Word Information Disclosure Vulnerability
2023-12-12 18:10:41
prion
prion
Information disclosure
2023-12-12 18:15:00
Spoofing
2023-12-12 18:15:00
mskb
mskb
nessus
nessus
Security Updates for Microsoft Word Products C2R (December 2023)
2023-12-14 00:00:00
Security Updates for Microsoft Word Products (December 2023)
2023-12-12 00:00:00
mscve
mscve
Microsoft Word Information Disclosure Vulnerability
2023-12-12 08:00:00
Microsoft Outlook for Mac Spoofing Vulnerability
2023-12-12 08:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2023
2023-12-12 21:06:54
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.8%
Related for MACOS_MS23_DEC_OFFICE.NASL