Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS16-004.NASL
HistoryJan 12, 2016 - 12:00 a.m.

MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585)

2016-01-1200:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
328

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.659 Medium

EPSS

Percentile

97.9%

JSON

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual Basic, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :

  • Multiple cross-site scripting vulnerabilities exist in Microsoft SharePoint due to improper enforcement of Access Control Policy (ACP) configuration settings. A remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user’s browser session. (CVE-2015-6117, CVE-2016-0011)

  • Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0010, CVE-2016-0035)

  • An information disclosure vulnerability exists in Microsoft Office due to a failure to use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this to predict memory offsets of specific instructions in a call stack. (CVE-2016-0012)

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(87882);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/17");

  script_cve_id(
    "CVE-2015-6117",
    "CVE-2016-0010",
    "CVE-2016-0011",
    "CVE-2016-0012",
    "CVE-2016-0035"
  );
  script_bugtraq_id(
    80028,
    80029,
    80030,
    80031,
    80032
  );
  script_xref(name:"MSFT", value:"MS16-004");
  script_xref(name:"MSKB", value:"2881067");
  script_xref(name:"MSKB", value:"3114541");
  script_xref(name:"MSKB", value:"3114540");
  script_xref(name:"MSKB", value:"3114429");
  script_xref(name:"MSKB", value:"3114421");
  script_xref(name:"MSKB", value:"3114549");
  script_xref(name:"MSKB", value:"2881029");
  script_xref(name:"MSKB", value:"3114553");
  script_xref(name:"MSKB", value:"3114554");
  script_xref(name:"MSKB", value:"3114564");
  script_xref(name:"MSKB", value:"3114396");
  script_xref(name:"MSKB", value:"3114402");
  script_xref(name:"MSKB", value:"3114557");
  script_xref(name:"MSKB", value:"3039794");
  script_xref(name:"MSKB", value:"3114486");
  script_xref(name:"MSKB", value:"3114504");
  script_xref(name:"MSKB", value:"3114482");
  script_xref(name:"MSKB", value:"3114489");
  script_xref(name:"MSKB", value:"3114494");
  script_xref(name:"MSKB", value:"2920727");
  script_xref(name:"MSKB", value:"3114527");
  script_xref(name:"MSKB", value:"3114520");
  script_xref(name:"MSKB", value:"3114518");
  script_xref(name:"MSKB", value:"3114511");
  script_xref(name:"MSKB", value:"3114526");
  script_xref(name:"MSKB", value:"3114546");
  script_xref(name:"MSKB", value:"3114547");
  script_xref(name:"MSKB", value:"3114569");
  script_xref(name:"MSKB", value:"3114503");
  script_xref(name:"MSKB", value:"3096896");
  script_xref(name:"IAVA", value:"2016-A-0011-S");

  script_name(english:"MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host has a version of Microsoft Office, Word, Word
Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual
Basic, or Microsoft Office Compatibility Pack installed that is
affected by multiple vulnerabilities :

  - Multiple cross-site scripting vulnerabilities exist in
    Microsoft SharePoint due to improper enforcement of
    Access Control Policy (ACP) configuration settings. A
    remote attacker can exploit these vulnerabilities, via a
    specially crafted request, to execute arbitrary script
    code in a user's browser session. (CVE-2015-6117,
    CVE-2016-0011)

  - Multiple remote code execution vulnerabilities exist in
    Microsoft Office due to improper handling of objects in
    memory. An attacker can exploit these vulnerabilities by
    convincing a user to open a specially crafted file in
    Microsoft Office, resulting in execution of arbitrary
    code in the context of the current user. (CVE-2016-0010,
    CVE-2016-0035)

  - An information disclosure vulnerability exists in
    Microsoft Office due to a failure to use the Address
    Space Layout Randomization (ASLR) security feature. An
    attacker can exploit this to predict memory offsets of
    specific instructions in a call stack. (CVE-2016-0012)");
  script_set_attribute(attribute:"see_also", value:"https://technet.microsoft.com/library/security/ms16-004");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Office 2007, 2010, 2013,
2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint,
Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft
Office Compatibility Pack, and Visual Basic 6.0 Runtime.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0010");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_viewer");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel_viewer");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visio");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint_foundation");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_basic");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("office_installed.nasl", "microsoft_sharepoint_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
include("install_func.inc");

global_var bulletin, vuln;

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS16-004';
kbs = make_list(
  2881067,  # Office 2007 SP3 #
  3114541,  # Office 2007 SP3 #

  3114540,  # 2007 Excel SP3 #
  3114429,  # 2007 PP SP3 #
  3114421,  # 2007 Visio #
  3114549,  # 2007 Word SP3 #

  2881029, # Office 2010 SP2 #
  3114553, # Office 2010 SP2 #
  3114554, # Office 2010 SP2 #

  3114564, # 2010 Excel SP2 #
  3114396, # 2010 PP SP2  #
  3114402, # 2010 Visio #
  3114557, # 2010 Word SP2 #

  3039794, # Office 2013 SP1 #
  3114486, # Office 2013 SP1 #
  
  3114504, # 2013 Excel SP1 #
  3114482, # 2013 PP SP1 #
  3114489, # 2013 Visio #
  3114494, # 2013 Word SP1 #

  2920727, # Office 2016 #
  3114527, # Office 2016 #

  3114520, # 2016 Excel #
  3114518, # 2016 PP #
  3114511, # 2016 Visio #
  3114526, # 2016 Word #

  3114546, # Compat Pack SP3 #
  3114547, # Excel Viewer #
  3114569, # Word Viewer

  3114503, # Sharepoint 2013 SP1 #

  3096896 # Visual Basic Runtime 6.0 #
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated", exit_code:1);

# Get path information for Windows.
windir = hotfix_get_systemroot();
if (isnull(windir)) exit(1, "Failed to determine the location of %windir%.");
registry_init();

vuln = FALSE;

function check_mscomctlocx(product, kb, bulletin)
{
  if (hotfix_is_vulnerable(file:"mscomctl.ocx", version:"6.1.98.46", dir:"\System32", bulletin:bulletin, kb:kb, product:product) ||
      hotfix_is_vulnerable(file:"mscomctl.ocx", version:"6.1.98.46", dir:"\SysWOW64", bulletin:bulletin, kb:kb, product:product)
  ) vuln = TRUE;
}

function perform_office_checks()
{
  local_var office_vers, office_sp, path;
  office_vers = hotfix_check_office_version();
  if (office_vers["12.0"])
  {
    office_sp = get_kb_item("SMB/Office/2007/SP");
    if (!isnull(office_sp) && office_sp == 3)
    {
      path = hotfix_append_path(path:hotfix_get_officecommonfilesdir(officever:"12.0"), value:"Microsoft Shared\Office12");
      if (
          hotfix_check_fversion(file:"mso.dll",     version: "12.0.6741.5000" , path:path, bulletin:bulletin, kb:"3114541", product:"Microsoft Office 2007 SP3") == HCF_OLDER ||
          hotfix_check_fversion(file:"ppcore.dll",    version: "12.0.6741.5000" , path:path, bulletin:bulletin, kb:"3114429", product:"PowerPoint 2007 SP3"      ) == HCF_OLDER
      ) vuln = TRUE;
    }

    # Only 32 bit arches affected
    if (get_kb_item("SMB/Office/12.0/Bitness") != "x64")
      check_mscomctlocx(product:"Microsoft Office 2007 SP3", bulletin:bulletin, kb:"2881067");
  }

  if (office_vers["14.0"])
  {
    office_sp = get_kb_item("SMB/Office/2010/SP");
    if (!isnull(office_sp) && office_sp == 2)
    {
      path = hotfix_append_path(path:hotfix_get_officeprogramfilesdir(officever:"14.0"), value:"Microsoft Office\Office14");
      if (
        hotfix_check_fversion(file:"mso.dll",   version: "14.0.7165.5000", path:path, bulletin:bulletin, kb:"3114553", product:"Microsoft Office 2010 SP2") == HCF_OLDER ||
        hotfix_check_fversion(file:"wwlibcxm.dll", version: "14.0.7165.5000", path:path, bulletin:bulletin, kb:"3114554", product:"Microsoft Office 2010 SP2") == HCF_OLDER ||
        hotfix_check_fversion(file:"ppcore.dll",    version: "14.0.7165.5000" , path:path, bulletin:bulletin, kb:"3114396", product:"PowerPoint 2010 SP2"      ) == HCF_OLDER
      ) vuln = TRUE;

      # Only 32 bit arches affected
      if (get_kb_item("SMB/Office/14.0/Bitness") != "x64")
        check_mscomctlocx(product:"Microsoft Office 2010 SP2", bulletin:bulletin, kb:"2881029");
    }
  }

  if (office_vers["15.0"])
  {
    office_sp = get_kb_item("SMB/Office/2013/SP");
    if (!isnull(office_sp) && int(office_sp) <= 1)
    {
      path = hotfix_append_path(path:hotfix_get_officecommonfilesdir(officever:"15.0"), value:"Microsoft Shared\Office15");
      if (
        hotfix_check_fversion(file:"mso.dll", version:"15.0.4787.1002", path:path, bulletin:bulletin, kb:"3114486", product:"Microsoft Office 2013 SP1") == HCF_OLDER ||
        hotfix_check_fversion(file:"ppcore.dll",    version: "15.0.4787.1000" , path:path, bulletin:bulletin, kb:"3114482", product:"PowerPoint 2013 SP1"      ) == HCF_OLDER
      ) vuln = TRUE;

      # Only 32 bit arches affected
      if (get_kb_item("SMB/Office/15.0/Bitness") != "x64")
        check_mscomctlocx(product:"Microsoft Office 2013 SP1", bulletin:bulletin, kb:"3039794");
    }
  }

  local_var x86path,x64path;
  if (office_vers["16.0"])
  {
    office_sp = get_kb_item("SMB/Office/2016/SP");
    if (!isnull(office_sp) && int(office_sp) <= 1)
    {
      path = hotfix_get_officeprogramfilesdir(officever:"16.0");
      x86path = hotfix_append_path(path:path, value:"Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16");
      x64path = hotfix_append_path(path:path, value:"Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16");
      if (
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.4297.1000", channel:"MSI", channel_product:"Office", path:x86path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.4297.1000", channel:"MSI", channel_product:"Office", path:x64path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"ppcore.dll", version:"16.0.4324.1000", channel:"MSI", channel_product:"PowerPoint", path:path, bulletin:bulletin, kb:"3114518", product:"PowerPoint 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.6001.1054", channel:"First Release for Deferred", channel_product:"Office", path:x86path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.6001.1054", channel:"First Release for Deferred", channel_product:"Office", path:x64path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"ppcore.dll", version:"16.0.6001.1054", channel:"First Release for Deferred", channel_product:"PowerPoint", path:path, bulletin:bulletin, kb:"3114518", product:"PowerPoint 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.6366.2056", channel:"Current", channel_product:"Office", path:x86path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"Msores.dll", version:"16.0.6366.2056", channel:"Current", channel_product:"Office", path:x64path, bulletin:bulletin, kb:"3114527", product:"Microsoft Office 2016") == HCF_OLDER ||
        hotfix_check_fversion(file:"ppcore.dll", version:"16.0.6366.2056", channel:"Current", channel_product:"PowerPoint", path:path, bulletin:bulletin, kb:"3114518", product:"PowerPoint 2016") == HCF_OLDER
      ) vuln = TRUE;

      # Only 32 bit arches affected, only on MSI channel
      if (get_kb_item("SMB/Office/16.0/Channel") == "MSI" && get_kb_item("SMB/Office/16.0/Bitness") != "x64")
        check_mscomctlocx(product:"Microsoft Office 2016", bulletin:bulletin, kb:"2920727");
    }
  }
}

function perform_vb6_runtime_check()
{
  local_var hklm, path, exe;
  registry_init();
  hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
  path = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\VisualStudio\6.0\Setup\Microsoft Visual Basic\ProductDir");
  RegCloseKey(handle:hklm);
  close_registry();

  if (!isnull(path)){
    path = hotfix_append_path(path:path, value:"VB6.exe");
    exe = hotfix_get_fversion(path:path);
    if(exe['error'] == HCF_OK)
      check_mscomctlocx(product:"Microsoft Visual Basic 6.0", bulletin:bulletin, kb:"3096896");
  }
}

function perform_office_product_checks()
{
  local_var checks, vwr_checks, compat_checks, kb;

  local_var installs, install, path; # For DLL checks

  ######################################################################
  # Excel Checks
  ######################################################################
  checks = make_array(
    "12.0", make_array("sp", 3, "version", "12.0.6742.5000", "kb", "3114540"),
    "14.0", make_array("sp", 2, "version", "14.0.7165.5002", "kb", "3114564"),
    "15.0", make_array("sp", 1, "version", "15.0.4787.1002", "kb", "3114504"),
    "16.0", make_nested_list(
      make_array("sp", 0, "version", "16.0.4324.1001", "channel", "MSI", "kb", "3114520"),
      make_array("sp", 0, "version", "16.0.6001.1054", "channel", "First Release for Deferred", "kb", "3114520"),
      make_array("sp", 0, "version", "16.0.6366.2056", "channel", "Current", "kb", "3114520")
    )
  );
  if (hotfix_check_office_product(product:"Excel", checks:checks, bulletin:bulletin))
    vuln = TRUE;

  ######################################################################
  # Word Checks
  ######################################################################
  checks = make_array(
    "12.0", make_array("sp", 3, "version", "12.0.6741.5000", "kb", "3114549"),
    "14.0", make_array("sp", 2, "version", "14.0.7165.5000", "kb", "3114557"),
    "15.0", make_array("sp", 1, "version", "15.0.4787.1000", "kb", "3114494"),
    "16.0", make_nested_list(
      make_array("sp", 0, "version", "16.0.4324.1000", "channel", "MSI", "kb", "3114526"),
      make_array("sp", 0, "version", "16.0.6001.1054", "channel", "First Release for Deferred", "kb", "3114526"),
      make_array("sp", 0, "version", "16.0.6366.2056", "channel", "Current", "kb", "3114526")
    )
  );
  if (hotfix_check_office_product(product:"Word", checks:checks, bulletin:bulletin))
    vuln = TRUE;

  ######################################################################
  # Excel Viewer
  ######################################################################
  vwr_checks = make_array(
    "12.0", make_array("version", "12.0.6742.5000", "kb", "3114547")
  );
  if (hotfix_check_office_product(product:"ExcelViewer", display_name:"Excel Viewer", checks:vwr_checks, bulletin:bulletin))
    vuln = TRUE;

  ######################################################################
  # Word Viewer
  ######################################################################
  installs = get_kb_list("SMB/Office/WordViewer/*/ProductPath");
  foreach install (installs)
  {
    path = installs[install];
    if (hotfix_is_vulnerable(path:path, file:"mso.dll", version:"11.0.8423.0", bulletin:bulletin, kb:"3114569"))
      vuln = TRUE;
  }

  ######################################################################
  # Excel and Word Compatibility pack
  ######################################################################
  compat_checks = make_array(
    "12.0", make_array("sp", 3, "version", "12.0.6742.5000", "kb", "3114546")
  );
  if (hotfix_check_office_product(product:"ExcelCnv", display_name:"Office Compatibility Pack SP3", checks:compat_checks, bulletin:bulletin))
    vuln = TRUE;
}

function perform_visio_checks()
{
  local_var installs,install,share,path,version;

  # Preconditions
  installs = get_kb_list("SMB/Office/Visio/*/VisioPath");
  if(isnull(installs))
    return;

  share = hotfix_path2share(path:path);
  if(!is_accessible_share(share:share))
    return;

  # Visio checks
  foreach install (keys(installs))
  {
    version = install - 'SMB/Office/Visio/' - '/VisioPath';
    if ("12.0" >!< version && "14.0" >!< version && "15.0" >!< version && "16.0" >!< version)
      continue;
    path = installs[install];
    if ("12.0" >< version && hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"12.0.6741.5000", min_version:"12.0.6000.0", bulletin:bulletin, kb:"3114421"))
      vuln = TRUE;
    if ("14.0" >< version && hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"14.0.7165.5000", min_version:"14.0.6500.0", bulletin:bulletin, kb:"3114402"))
      vuln = TRUE;
    if ("15.0" >< version && hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"15.0.4787.1000", min_version:"15.0.4000.0", bulletin:bulletin, kb:"3114489"))
      vuln = TRUE;
    if ("16.0" >< version && 
      (
        hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"16.0.4324.1000", channel:"MSI", channel_product:"Visio", bulletin:bulletin, kb:"3114511") ||
        hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"16.0.6001.1054", channel:"First Release for Deferred", channel_product:"Visio", bulletin:bulletin, kb:"3114511") ||
        hotfix_is_vulnerable(path:path, file:"Visio.exe", version:"16.0.6366.2056", channel:"Current", channel_product:"Visio", bulletin:bulletin, kb:"3114511")
      )
    ) vuln = TRUE;
  }
}

######################################################################
# SharePoint
######################################################################
function perform_sharepoint_checks()
{
  local_var sps_2013_path, sps_2013_sp, sps_2013_edition;
  local_var installs, install, path, prod;

  sps_2013_path = NULL;

  installs = get_installs(app_name:"Microsoft SharePoint Server");
  foreach install (installs[1])
  {
    if (install['Product'] == "2013")
    {
      sps_2013_path = install['path'];
      sps_2013_sp = install['SP'];
      sps_2013_edition = install['Edition'];
      break;
    }
  }

  ######################################################################
  # SharePoint Server 2013
  ######################################################################
  # In this case the fix for SharePoint Server and SharePoint Foundation
  # are the same, this is not always the case
  if (sps_2013_path)
  {
    if (sps_2013_sp == "1")
    {
      prod = "SharePoint " + sps_2013_edition + " SP1";
      path = hotfix_append_path(path:hotfix_get_commonfilesdir(), value:"Microsoft Shared\Web Server Extensions\15\BIN\");
      if (hotfix_check_fversion(file:"onetutil.dll", version:"15.0.4787.1000", path:path, bulletin:bulletin, kb:"3114503", product:prod) == HCF_OLDER)
      {
        set_kb_item(name:"www/0/XSS", value:TRUE);
        vuln = TRUE;
      }
    }
  }
}

perform_office_checks();
perform_office_product_checks();
perform_visio_checks();
perform_sharepoint_checks();
perform_vb6_runtime_check();

if (vuln)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftofficecpe:/a:microsoft:office
microsoftwordcpe:/a:microsoft:word
microsoftword_viewercpe:/a:microsoft:word_viewer
microsoftexcelcpe:/a:microsoft:excel
microsoftexcel_viewercpe:/a:microsoft:excel_viewer
microsoftpowerpointcpe:/a:microsoft:powerpoint
microsoftvisiocpe:/a:microsoft:visio
microsoftsharepoint_servercpe:/a:microsoft:sharepoint_server
microsoftsharepoint_foundationcpe:/a:microsoft:sharepoint_foundation
microsoftvisual_basiccpe:/a:microsoft:visual_basic
Rows per page:
1-10 of 111

Related

mskb 1
kaspersky 1
openvas 11
cvelist 5
nvd 5
cve 5
prion 5
nessus 1
symantec 5
zdi 1
checkpoint_advisories 3
mskb
mskb
MS16-004: Security Update for Microsoft Office to Address Remote Code Execution: January 12, 2016
2016-01-12 00:00:00
kaspersky
kaspersky
KLA10738 Multiple vulnerabilities in Microsoft Office
2016-01-12 00:00:00
openvas
openvas
Microsoft Office Multiple Vulnerabilities (3124585) - Mac OS X
2016-01-13 00:00:00
Microsoft SharePoint Server and Foundation Multiple Vulnerabilities (3124585)
2016-01-13 00:00:00
Microsoft Office Excel Multiple Remote Code Execution Vulnerabilities (3124585)
2016-01-13 00:00:00
cvelist
cvelist
CVE-2016-0011
2016-01-13 02:00:00
CVE-2015-6117
2016-01-13 02:00:00
CVE-2016-0012
2016-01-13 02:00:00
nvd
nvd
CVE-2015-6117
2016-01-13 05:59:00
CVE-2016-0011
2016-01-13 05:59:09
CVE-2016-0012
2016-01-13 05:59:10
cve
cve
CVE-2015-6117
2016-01-13 05:59:00
CVE-2016-0011
2016-01-13 05:59:09
CVE-2016-0012
2016-01-13 05:59:10
prion
prion
Security feature bypass
2016-01-13 05:59:00
Security feature bypass
2016-01-13 05:59:00
Security feature bypass
2016-01-13 05:59:00
nessus
nessus
MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (3124585) (Mac OS X)
2016-01-12 00:00:00
symantec
symantec
Microsoft SharePoint CVE-2015-6117 Security Bypass Vulnerability
2016-01-12 00:00:00
Microsoft SharePoint CVE-2016-0011 Security Bypass Vulnerability
2016-01-12 00:00:00
Microsoft Office CVE-2016-0012 ASLR Security Bypass Vulnerability
2016-01-12 00:00:00
zdi
zdi
(0Day) Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
2015-12-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Memory Corruption (MS16-004: CVE-2016-0035)
2016-01-12 00:00:00
Microsoft Office Memory Corruption (MS16-004: CVE-2016-0010)
2016-01-12 00:00:00
MSCOMCTL.OCX Killbit: C74190B6-8589-11d1-B16A-00C0F0283628 (MS12-027; CVE-2012-0158; CVE-2016-0012)
2012-04-10 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.659 Medium

EPSS

Percentile

97.9%

JSON
Related for SMB_NT_MS16-004.NASL
mskb1kaspersky1openvas11cvelist5nvd5cve5prion5nessus1symantec5zdi1checkpoint_advisories3