Vulners
Lucene search
Microsoft Office Detection
| Source | Link |
|---|---|
| products | www.products.office.com/en-US/ |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
script_id(27524);
script_version("1.175");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/24");
script_xref(name:"IAVT", value:"0001-T-0505");
script_name(english:"Microsoft Office Detection");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an office suite.");
script_set_attribute(attribute:"description", value:
"Microsoft Office is installed on the remote host.");
script_set_attribute(attribute:"see_also", value:"https://products.office.com/en-US/");
# https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fd4508ff");
# https://docs.microsoft.com/en-us/officeupdates/update-history-office-2019
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?42ab6861");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:project");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"asset_inventory_category", value:"software_enumeration");
script_set_attribute(attribute:"agent", value:"windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2007-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_nt_ms02-031.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include("install_func.inc");
include("smb_hotfixes_fcheck.inc");
include("office_channel.inc");
include("debug.inc");
include("collection_metadata.inc");
get_kb_item_or_exit('SMB/Registry/Enumerated');
if (empty_or_null(get_kb_list('SMB/Office/*/*/ProductPath')))
exit(0, 'No instances of Office were found.');
function _retrieve_file_version(path)
{
var fversion, ver, error;
fversion = hotfix_get_fversion(path:path);
error = hotfix_handle_error(error_code:fversion['error'], file:path);
if(error) dbg::detailed_log(lvl:2, msg:error);
if (!isnull(fversion.version))
return fversion.version;
return NULL;
}
function _append_to_files_info(&files_info, officever, path)
{
var ver, file_path;
var fn = '_append_to_files_info';
if (!empty_or_null(path))
{
ver = _retrieve_file_version(path:path);
if (!empty_or_null(ver))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'File: ' + path + '\nVersion: ' + ver);
var timestamp = hotfix_get_timestamp(path: path);
var size = hotfix_get_size(path: path);
file_path = str_replace(string:path, find:"\\", replace:"\");
var collect = new collection_metadata::collection_metadata();
collect.track_windows_pe_version(
path: file_path,
size: size.value,
last_modified: timestamp.value
);
var properties = {'path': file_path, 'version': ver};
properties['version_file'] = serialize(collect.get_metadata(field:'version_file'));
properties['collect_methods'] = serialize(collect.get_collect_methods());
delete collect;
if (isnull(files_info[officever]))
files_info[officever] = [];
append_element(var:files_info[officever], value:properties);
}
return NULL;
}
}
function register_officecommonfiles(major_ver)
{
var commonfilesdir, files = [], file, bitness;
var fn = 'register_officecommonfiles';
if (empty_or_null(major_ver))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'Missing required argument: \'major_ver\'.');
return NULL;
}
commonfilesdir = hotfix_get_officecommonfilesdir(officever:major_ver+'.0');
if (empty_or_null(commonfilesdir))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'Failed to retrieve Office Common Files directory. Files under Office Common Files directory won\'t be registered.');
return NULL;
}
files = ['acecore.dll', 'acees.dll', 'aceexcl.dll', 'csi.dll', 'eqnedt32.exe',
'mso20win32client.dll', 'mso299lwin32client.dll', 'mso30win32client.dll', 'mso40uiwin32client.dll',
'mso99lres.dll', 'mso99lwin32client.dll', 'mso.dll', 'msptls.dll', 'ogl.dll',
'osf.dll', 'riched20.dll', 'vbe7.dll', 'olicenseheartbeat.exe'];
foreach file (files)
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\Office", major_ver, "\", file));
if ( major_ver == '16' )
{
bitness = get_kb_item("SMB/Office/16.0/Bitness");
if (!isnull(bitness))
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat("C:\Program Files (", bitness, ")\Microsoft Office\root\VFS\ProgramFilesCommon", bitness, "\Microsoft Shared\Office16\mso.dll"));
}
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\EURO\msoeuro.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\PROOF\mssp3gl.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\Source Engine\ose.exe"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\OFFICE", major_ver, "\Office Setup Controller\osetup.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(commonfilesdir, "\Microsoft Shared\VBA\VBA7.1\vbe7.dll"));
}
function register_officeprogramfiles(major_ver)
{
var programfilesdir, files = [], file;
var fn = 'register_officeprogramfiles';
if (empty_or_null(major_ver))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'Missing required argument: \'major_ver\'.');
return NULL;
}
programfilesdir = hotfix_get_officeprogramfilesdir(officever:major_ver+'.0');
if (empty_or_null(programfilesdir))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'Failed to retrieve Office Program Files Directory. Files under Office Program Files directory won\'t be registered.');
return NULL;
}
files = ['chart.dll', 'gdiplus.dll', 'gkexcel.dll', 'graph.exe', 'igx.dll',
'ipeditor.dll', 'msohev.dll', 'oartconv.dll', 'oart.dll', 'offowc.dll',
'osfproxy.dll', 'usp10.dll', 'wwlibcxm.dll', 'wwlib.dll', 'lync.exe',
'onenote.exe', 'onenotesyncpc.dll', 'ppcore.dll', 'wordcnv.dll', 'msrtedit.dll',
'css7data0009.dll', 'stslist.dll'];
foreach file (files)
{
if ( major_ver == '16' && get_kb_item('SMB/Office/16.0/Channel') != 'MSI' )
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(programfilesdir, "\Microsoft Office\root\Office16\", file));
else
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(programfilesdir, "\Microsoft Office\Office", major_ver, "\", file));
}
_append_to_files_info(files_info:files_info, officever:'15', path:strcat(programfilesdir, "\Microsoft Office\Office15\DCF\office.dll"));
_append_to_files_info(files_info:files_info, officever:'15', path:strcat(programfilesdir, "\Microsoft Office\Office15\office.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(programfilesdir, "\Microsoft Office\Office", major_ver, "\MSIPC\msipc.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(programfilesdir, "\Microsoft Office\Office", major_ver, "\ADDINS\umoutlookaddin.dll"));
_append_to_files_info(files_info:files_info, officever:major_ver, path:strcat(programfilesdir, "\Microsoft Office\Office", major_ver, "\DCF\Common.excelservices.dll"));
}
function register_miscfiles()
{
var installs, install, path;
var fn = 'register_miscfiles';
var sysroot = hotfix_get_systemroot();
if (empty_or_null(sysroot))
{
office_channel::dbg_log(fn:fn, lvl:3, msg:'Failed to System Root Directory. Files under system root directory won\'t be registered.');
return NULL;
}
_append_to_files_info(files_info:files_info, officever:'shared', path:sysroot + "\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Visio.Server\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.Visio.Server.dll");
_append_to_files_info(files_info:files_info, officever:'shared', path:sysroot + "\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Server\v4.0_15.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Server.dll");
}
# Click-to-Run channel versions
var c2r_ver = retrieve_channel_versions();
# Time of last update history retrieved by Nessus
var build_versions_updated = retrieve_date_updated();
var installed_office_paths = {}, lowest_installed_prod = {};
var installed_office_versions = {}, files_info = {}, extra = {}, office_suite_version = {};
var version, maj_version, kb, products, key, sp, project_pattern, project_major_ver, uninstall_keys, ver, service_pack;
var project_key, project_value, project_match, project_ver_key, split_file_ver, split_reg_ver, c2r_reg_version;
var project_kb_list, project_ver, report_str, prod_version, product_name, product_cpe, product_list, channel_item;
var channel, channel_version, channel_build, office_c2r_version, office_c2r_build, office_c2r_channel, port, version_components;
var office_c2r_cdn_url, office_c2r_detection_method, full_version, ver_parts, product_kb, product, files, major_version;
var channel_detect, channel_cdn_url, channel_conflicting_method, channel_supported_versions, len, main_version, product_version;
var short_path, app_kb_key, install_kb_key, office_c2r_supported_vers, channel_text, display_channel, report_detail;
var kb_blob, installed_products_by_uuid, installation_paths, installation_vers, cpe, report, info_list, build_higher_than_known;
var path, version_from_uuid, office_version, prod_detail, code_pattern, match, app, channel_detection_method, uuids_by_path;
var pattern = "^SMB/Office/([A-Za-z]+)/([0-9.]+)/ProductPath$";
var version_mismatch = NULL;
var conflict = NULL;
var info = NULL;
# check if "SMB/Registry/Enumerated" sets to 1
if (check_registry_enumerated())
{
# Store information under the following registry keys in the kb
# SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate
# SOFTWARE\Microsoft\Office\ClickToRun\Configuration
retrieve_channel_registry_info();
# return the following list based on the kb set in the previous step
# [major_version, minor_version, installation_path]
# e.g. [2019, 16.0.9126.2295, "c:..."]
c2r_reg_version = retrieve_version_via_c2r_registry();
}
product_list = get_kb_list('SMB/Office/*/*/ProductPath');
for (product_kb in product_list)
{
var kb_path = product_list[product_kb];
var path64 = IF_base64(kb_path);
path64 = path64[1];
match = pregmatch(string:product_kb, pattern:pattern);
if (empty_or_null(match)) continue;
product_name = match[1];# Excel
full_version = match[2];# 16.0.10359.20023
version_components = split(full_version, sep:'.', keep:FALSE);
major_version = version_components[0]; # 16
if ( major_version == '16' )
{
ver_parts = split(full_version, sep:'.', keep:FALSE);
# If product is an MSI install, there is no need to check channel version / channel build info
if (ver_parts[2] >= 4266 && ver_parts[2] < 6001)
{
channel = 'MSI';
set_kb_item(name:strcat('SMB/Office/', product_name, '/16.0/Channel'), value:channel);
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/specs/'+path64+'/Channel', value:channel);
if ( product_name == 'Word' || product_name == 'Excel' )
office_c2r_channel = channel;
}
else
{
# Third part of full_version correlates to the channel "Version"
channel_version = c2r_ver[ver_parts[2]];
if (empty_or_null(channel_version)) channel_version = UNKNOWN_VER;
channel_build = strcat(ver_parts[2], '.', ver_parts[3]);
# Determine channel based on version or CDN
channel_detect = retrieve_update_channel(ver_parts:ver_parts, c2r_reg_version:c2r_reg_version);
channel = channel_detect['update_channel'];
if (empty_or_null(channel)) channel = 'unknown';
channel_detection_method = channel_detect['detection_method'];
if (empty_or_null(channel_detection_method)) channel_detection_method = '';
channel_cdn_url = channel_detect['cdn_url'];
channel_conflicting_method = channel_detect['conflicting_method'];
if (channel_detect['supported_versions'] != UNKNOWN_VER)
channel_supported_versions = channel_detect['supported_versions'];
else channel_supported_versions = NULL;
build_higher_than_known = channel_detect['higher_build'];
extra['Channel'] = channel;
extra['ChannelVersion'] = channel_version;
extra['ChannelBuild'] = channel_build;
extra['ChannelDetectionMethod'] = channel_detection_method;
extra['ChannelCDNUrl'] = channel_cdn_url;
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/Channel', value:channel);
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/ChannelVersion', value:channel_version);
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/ChannelBuild', value:channel_build);
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/ChannelDetectionMethod', value:channel_detection_method);
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/ChannelCDNUrl', value:channel_cdn_url);
replace_kb_item(name:'SMB/Office/'+product_name+'/16.0/specs/'+path64+'/Channel', value:channel);
replace_kb_item(name:'SMB/Office/'+product_name+'/16.0/specs/'+path64+'/ChannelVersion', value:channel_version);
if (!empty_or_null(channel_supported_versions))
{
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/SupportedVersions', value:channel_supported_versions);
extra['SupportedVersions'] = channel_supported_versions;
}
else
{
set_kb_item(name:'SMB/Office/'+product_name+'/16.0/SupportedVersions', value:UNKNOWN_VER);
extra['SupportedVersions'] = UNKNOWN_VER;
}
if ( product_name == 'Word' || product_name == 'Excel' )
{
office_c2r_channel = channel;
office_c2r_version = channel_version;
office_c2r_build = channel_build;
office_c2r_detection_method = channel_detection_method;
office_c2r_cdn_url = channel_cdn_url;
office_c2r_supported_vers = channel_supported_versions;
}
}
}
report_str = ' - ' + product_name + ' : ' + full_version + '\n';
if (installed_office_versions[major_version])
{
# collect all Office products under the same major version
installed_office_versions[major_version] += report_str;
if(ver_compare(ver:full_version, fix:lowest_installed_prod[major_version], strict:FALSE) < 0)
lowest_installed_prod[major_version] = full_version;
}
else
{
installed_office_versions[major_version] = report_str;
# keep track of the lowerest product version for each major version
lowest_installed_prod[major_version] = full_version;
}
if (!installed_office_paths[major_version])
installed_office_paths[major_version] = ereg_replace(pattern:"^(.*)\\.*$", replace:"\1\", string:product_list[product_kb]);
info = detect_update_level(vmap:all_office_versions, ver:full_version, c2r_ver:c2r_reg_version[0]);
if (!isnull(info))
{
product_version = info[1];
service_pack = string(info[2]);
}
else if (!isnull(office_c2r_channel) && office_c2r_channel != 'MSI')
{
service_pack = string(0);
product_version = c2r_reg_version[0];
}
var collect = new collection_metadata::collection_metadata();
var timestamp = hotfix_get_timestamp(path: product_list[product_kb]);
var size = hotfix_get_size(path: product_list[product_kb]);
collect.track_windows_pe_version(
path: product_list[product_kb],
size: size.value,
last_modified: timestamp.value);
register_install(
app_name: 'Microsoft ' + product_name,
vendor:'Microsoft',
product:product_version,
update:service_pack,
path:installed_office_paths[major_version],
version:full_version,
extra:extra,
cpe:'cpe:/a:microsoft:'+tolower(product_name),
enhanced_inventory: collect.inventory_data()
);
delete collect;
}
# If we found Office 2016 products but were not able to set Office channel based on Word/Excel, use last product
if ( channel && !office_c2r_channel )
{
office_c2r_channel = channel;
if (channel != 'MSI')
{
office_c2r_version = channel_version;
office_c2r_build = channel_build;
office_c2r_detection_method = channel_detection_method;
office_c2r_cdn_url = channel_cdn_url;
office_c2r_supported_vers = channel_supported_versions;
}
}
if (office_c2r_channel && office_c2r_channel != 'MSI')
{
foreach channel_item (channel_list)
{
if ( office_c2r_channel == channel_item.name )
{
display_channel = channel_item.display_name;
break;
}
}
if(isnull(display_channel)) display_channel = 'unknown';
channel_text = '';
if (
office_c2r_detection_method == 'updatechannel' || office_c2r_detection_method == 'updatepath'
|| office_c2r_detection_method == 'updatebranch' || office_c2r_detection_method == 'productreleaseids'
)
channel_text += '\nNessus used the remote host\'s "'+office_c2r_detection_method+'" registry key to determine the update channel :\n';
else if (office_c2r_detection_method == "buildversion" && !empty_or_null(channel_conflicting_method))
channel_text += '\nNessus used the remote host\'s "' + channel_conflicting_method + '" registry key to determine the update channel, however the build version indicated a different channel.' +
'\nNessus has instead used the remote host\'s office build version to determine the update channel :\n';
else if (office_c2r_detection_method == "buildversion")
channel_text += '\nNessus used the remote host\'s office build version to determine the update channel :\n';
if (!empty_or_null(office_c2r_cdn_url))
channel_text += '\n Office Click-to-Run update url : ' + office_c2r_cdn_url;
channel_text +=
'\n Office Click-to-Run update channel : ' + display_channel +
'\n Office Click-to-Run version : ' + office_c2r_version +
'\n Office Click-to-Run build : ' + office_c2r_build +
'\n';
channel_text += '\nNessus last observed a Microsoft Office update on ' + build_versions_updated + '.\n';
}
######
# Here we are looking for Office install in Uninstall key (instead of individual Office product - except for InfoPath)
#
# Examples:
# SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/{91150000-0011-0000-0000-0000000FF1CE}/DisplayName=Microsoft Office Professional Plus 2013
# SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ProfessionalRetail - en-us/DisplayName=Microsoft Office Professional 2016 - en-us
# SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/{91150000-0044-0000-0000-0000000FF1CE}/DisplayName=Microsoft InfoPath 2013
######
kb_blob = 'SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName';
installed_products_by_uuid = get_kb_list(kb_blob);
installation_paths = {};
installation_vers = {};
uuids_by_path = {};
# First loop: Group UUIDs by InstallLocation and find the highest DisplayVersion for each location
foreach var uuid ( keys( installed_products_by_uuid ) )
{
if ( ( installed_products_by_uuid[ uuid ] =~ '^Microsoft (365|Office|InfoPath) ((Apps for (enterprise|business))|2000|XP|[a-zA-Z ]*?(Edition|20[0-2][0-9])|365)' ) &&
( ! preg( pattern:"(Media Content|Get Started|Proof|MUI|Communicator|Web Components|Viewer|Primary Interop Assemblies|Access ([0-9]+ )?Runtime|Access database engine|Office [0-9]+ Resource Kit|Visio|OneNote|SharePoint|Project Professional|Project Standard|Visual Web Developer|Interface Pack|Deployment Kit for App-V)",
string:installed_products_by_uuid[uuid], icase:TRUE)) &&
('FrontPage' >!< installed_products_by_uuid[uuid] || 'with FrontPage' >< installed_products_by_uuid[uuid]))
{
# InstallLocation
var install_path = get_kb_item(str_replace( string:uuid, find:'DisplayName', replace:'InstallLocation'));
# DisplayVersion
var display_ver = get_kb_item(str_replace( string:uuid, find:'DisplayName', replace:'DisplayVersion' ) );
if ( !isnull(display_ver) && !isnull(install_path))
{
# Use install_path as key
# Remove trailing backslashes to allow proper path comparison
# i.e. 'C:\\Program Files\\Microsoft Office' and 'C:\\Program Files\\Microsoft Office\\' are the same path
var path_key = install_path;
if (!isnull(path_key))
{
# Remove trailing backslashes
while (path_key =~ '\\\\$')
path_key = substr(path_key, 0, strlen(path_key) - 2);
}
# Check if we've seen this path before
if (isnull(uuids_by_path[path_key]))
{
# First UUID for this path
uuids_by_path[path_key] = make_list(uuid, display_ver);
}
else
{
# Compare with existing version for this path
var existing_ver = uuids_by_path[path_key][1];
if (ver_compare(ver:display_ver, fix:existing_ver, strict:FALSE) > 0)
{
# This UUID has a higher version, replace it
uuids_by_path[path_key] = make_list(uuid, display_ver);
}
}
}
}
}
# Second loop: Process the UUIDs determined from first loop
foreach path_key ( keys( uuids_by_path ) )
{
uuid = uuids_by_path[path_key][0];
path = get_kb_item(str_replace( string:uuid, find:'DisplayName', replace:'InstallLocation'));
ver = get_kb_item(str_replace( string:uuid, find:'DisplayName', replace:'DisplayVersion'));
version_from_uuid = ver;
if (isnull(ver))
continue;
office_version = split( ver, sep:'.', keep:FALSE );
maj_version = office_version[0];
# Check the registry entry against the actual file versions of found product installs
# go with the file versions (more accurate) if the reg key is lower.
if (ver_compare(ver:ver, fix:lowest_installed_prod[maj_version], strict:FALSE) < 0)
{
ver = lowest_installed_prod[maj_version];
}
if ('The remote host has the following' >< installed_office_versions[maj_version])
continue;
if (path >!< installed_office_paths[maj_version])
continue;
prod_detail = installed_office_versions[maj_version];
if (!empty_or_null(prod_detail))
{
info = detect_update_level(vmap:all_office_versions, ver:ver, c2r_ver:c2r_reg_version[0]);
# Ideal detection for O365/retails - no version inconsistencies
if (!isnull(c2r_reg_version) && version_from_uuid >< c2r_reg_version[1])
{
main_version = c2r_reg_version[0];
installation_vers[maj_version] = main_version;
report_detail = strcat('\nThe remote host has the following Microsoft Office ', main_version, ' component');
}
# A version mismatch may exist if the server is scanned prior to the update fully completing.
# We can avoid reporting a vulnerability and inform user of the issue
else if (!isnull(c2r_reg_version) && !isnull(version_from_uuid) && !isnull(c2r_reg_version[0]))
{
main_version = c2r_reg_version[0];
installation_vers[maj_version] = main_version;
report_detail = strcat('\nA version mismatch has been detected, which may indicate an update has not fully completed. ' +
'Verify all update processes have completed and that there are no version inconsistencies in the registry. ' +
'\n\nThis instance will not be evaluated against unsupported Office channel and version plugins until the version mismatch is resolved.' +
'\n\nThe remote host has the following Microsoft Office ', main_version, ' component');
version_mismatch = TRUE;
office_channel::dbg_log(lvl:3, msg:'Version mismatch detected. Version from Uninstall registry key : ' + version_from_uuid +
' Version from Click-to-Run registry key : ' + c2r_reg_version[1]);
}
# Plugin should only be here if the instance is <= Office 2016
else if (!isnull(info))
{
installation_vers[maj_version] = info[1];
report_detail = strcat('\nThe remote host has the following Microsoft Office ', info[1], ' Service Pack ', info[2], ' component');
set_kb_item(name:'SMB/Office/'+info[1]+'/SP', value:info[2]);
main_version = info[1];
sp = info[2];
}
# If we have made it here something is very wrong with the detection of the instance. Bail and report a problem.
else
{
office_channel::dbg_log(lvl:3, msg:'Unable to reconcile the instance being evaluated due to a lack of sufficient data.');
exit(0, 'Unable to reconcile the instance being evaluated due to a lack of sufficient data.');
}
if (max_index(split(prod_detail)) > 1)
report_detail += 's';
report_detail += ' installed :\n\n';
installed_office_versions[maj_version] = report_detail + prod_detail;
if (preg(string:path, pattern:"[^\\]$"))
path += "\";
installation_paths[maj_version] = path;
# Save product code.
code_pattern = "SMB\/Registry\/HKLM\/SOFTWARE\/Microsoft\/Windows\/CurrentVersion\/Uninstall\/\{([\w-]+)\}\/DisplayName";
match = pregmatch(string:uuid, pattern:code_pattern, icase:TRUE);
if (!isnull(match) && !isnull(main_version))
set_kb_item(name:"SMB/Office/"+main_version+"/IdentifyingNumber", value:match[1]);
}
}
if (empty_or_null(installed_office_versions))
exit(0, 'No instances of Office were found.');
if (installed_office_versions['16'] && channel_text)
installed_office_versions['16'] += channel_text;
register_miscfiles();
for ( maj_version in installed_office_versions )
{
report += installed_office_versions[maj_version];
path = installation_paths[maj_version];
if (empty_or_null(path)) continue;
if ( maj_version == '16' )
path = hotfix_append_path(path:path, value:"root\Office16\");
else
path = hotfix_append_path(path:path, value:"\Office" + maj_version);
extra = {};
if ( maj_version == '16' && office_c2r_channel )
{
if (!get_kb_item('SMB/Office/365')) set_kb_item(name:'SMB/Office/365', value:TRUE);
set_kb_item(name:'SMB/Office/16.0/Channel', value:office_c2r_channel);
extra = {
'Office 365': 1,
'Channel': office_c2r_channel # this also sets channel for MSI install.
};
if (!empty_or_null(office_c2r_detection_method))
{
extra['ChannelDetectionMethod'] = office_c2r_detection_method;
set_kb_item(name:'SMB/Office/16.0/ChannelDetectionMethod', value:office_c2r_detection_method);
}
if (!empty_or_null(office_c2r_supported_vers))
{
set_kb_item(name:'SMB/Office/16.0/SupportedVersions', value:office_c2r_supported_vers);
extra['SupportedVersions'] = office_c2r_supported_vers;
}
if ( office_c2r_channel != 'MSI' )
{
set_kb_item(name:'SMB/Office/16.0/ChannelVersion', value:office_c2r_version);
set_kb_item(name:'SMB/Office/16.0/ChannelBuild', value:office_c2r_build);
extra['ChannelVersion'] = office_c2r_version;
extra['ChannelBuild'] = office_c2r_build;
extra['ChannelCDNUrl'] = office_c2r_cdn_url;
}
# If the build was higher than we know for the channel or a channel/version conflict was detected, set a flag to avoid reporting as unsupported
if (!empty_or_null(build_higher_than_known)) conflict = 'Build';
if (!empty_or_null(channel_conflicting_method)) conflict = 'Channel';
if (!empty_or_null(version_mismatch)) conflict = 'Version';
if (!isnull(conflict))
{
extra['ConflictedDetection'] = conflict;
replace_kb_item(name:'SMB/Office/16.0/ConflictedDetection', value:conflict);
office_channel::dbg_log(lvl:3, msg:'A conflict related to the target\'s ' + conflict + ' has been detected. ' +
'This instance will NOT be evaluated against unsupported Office channel and version plugins.');
}
}
register_officecommonfiles(major_ver:maj_version);
register_officeprogramfiles(major_ver:maj_version);
# Above two register_office* funcs must be called before accessing this `files` variable
if (!isnull(files_info.shared))
files = make_list(files_info[maj_version], files_info.shared);
else
files = files_info[maj_version];
register_install(
app_name : 'Microsoft Office',
vendor : 'Microsoft',
product : installation_vers[maj_version],
product_version:maj_version,
update : string(sp),
version : installation_vers[maj_version],
path : path,
files : files,
extra : extra,
cpe : 'cpe:/a:microsoft:office'
);
}
port = get_kb_item('SMB/transport');
report_installs(app_name:'Microsoft Office', port:port, report_override:report);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Apr 2026 00:00Current
5.3Medium risk
Vulners AI Score5.3