Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2023 Tenable Network Security, Inc.SMB_NT_MS18_JAN_OFFICE_COMPATIBILITY.NASL
HistoryJan 09, 2018 - 12:00 a.m.

Security Updates for Microsoft Office Compatibility SP3 (January 2018)

2018-01-0900:00:00
This script is Copyright (C) 2018-2023 Tenable Network Security, Inc.
www.tenable.com
215
JSON

The Microsoft Office Compatibility Pack products installed on the remote host are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
    (CVE-2018-0793, CVE-2018-0794, CVE-2018-0796, CVE-2018-0798, CVE-2018-0801, CVE-2018-0802, CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, CVE-2018-0807, CVE-2018-0812)

  • An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2018-0797)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#

include('compat.inc');

if (description)
{
  script_id(105695);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2018-0793",
    "CVE-2018-0794",
    "CVE-2018-0796",
    "CVE-2018-0797",
    "CVE-2018-0798",
    "CVE-2018-0801",
    "CVE-2018-0802",
    "CVE-2018-0804",
    "CVE-2018-0805",
    "CVE-2018-0806",
    "CVE-2018-0807",
    "CVE-2018-0812",
    "CVE-2018-0845",
    "CVE-2018-0848",
    "CVE-2018-0849",
    "CVE-2018-0862"
  );
  script_bugtraq_id(
    102347,
    102348,
    102370,
    102372,
    102373,
    102375,
    102406,
    102457,
    102459,
    102460,
    102461,
    102463
  );
  script_xref(name:"MSKB", value:"4011605");
  script_xref(name:"MSKB", value:"4011607");
  script_xref(name:"MSFT", value:"MS18-4011605");
  script_xref(name:"MSFT", value:"MS18-4011607");
  script_xref(name:"IAVA", value:"2018-A-0009-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");

  script_name(english:"Security Updates for Microsoft Office Compatibility SP3 (January 2018)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Office Products are affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Office Compatibility Pack products installed
on the remote host are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in
  Microsoft Office software when the software fails to
  properly handle objects in memory. An attacker who
  successfully exploited the vulnerability could run
  arbitrary code in the context of the current user.
  (CVE-2018-0793, CVE-2018-0794, CVE-2018-0796, 
  CVE-2018-0798, CVE-2018-0801, CVE-2018-0802, 
  CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, 
  CVE-2018-0807, CVE-2018-0812)

- An Office RTF remote code execution vulnerability 
  exists in Microsoft Office software when the Office 
  software fails to properly handle RTF files. An 
  attacker who successfully exploited the vulnerability 
  could run arbitrary code in the context of the current 
  user. (CVE-2018-0797)");
  # https://support.microsoft.com/en-us/help/4011605/descriptionofthesecurityupdateformicrosoftofficecompatibilitypackservi
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d320dbde");
  # https://support.microsoft.com/en-us/help/4011607/description-of-the-security-update-for-microsoft-office-compatibility
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7b248e04");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:
    -KB4011605
    -KB4011607");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0862");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_compatibility_pack");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2018-2023 Tenable Network Security, Inc.");

  script_dependencies("office_installed.nasl", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("misc_func.inc");
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = "MS18-01";
kbs = make_list(
  '4011605',
  '4011607'
);

vuln = FALSE;

if (get_kb_item("Host/patch_management_checks"))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

######################################################################
 # Excel Compatibility pack
######################################################################
excel_compat_check = make_array(
    "12.0", make_array("version", "12.0.6784.5000", "kb", "4011605")
);

if (hotfix_check_office_product(product:"ExcelCnv",
                                display_name:"Office Compatibility Pack SP3",
                                checks:excel_compat_check,
                                bulletin:bulletin))
  vuln = TRUE;

####################################################################
#  Office Compatibility Pack
####################################################################
installs = get_kb_list("SMB/Office/WordCnv/*/ProductPath");
foreach install (keys(installs))
{
  path = installs[install];
  path = ereg_replace(pattern:'^(.+)\\\\[^\\\\]+\\.exe$', replace:"\1\", string:path, icase:TRUE);
  if(hotfix_check_fversion(path:path, file:"wordcnv.dll", version:"12.0.6784.5000", kb:"4011607", min_version:"12.0.0.0", product:"Microsoft Office Compatibility Pack") == HCF_OLDER)
  {
    vuln = TRUE;
    break;
  }
}

if(vuln)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftoffice_compatibility_packcpe:/a:microsoft:office_compatibility_pack

References

Related

openvas 18
mskb 23
nessus 7
cve 18
prion 18
kaspersky 3
attackerkb 2
carbonblack 2
cisa_kev 2
threatpost 5
thn 7
mscve 16
symantec 12
qualysblog 5
mssecure 1
securelist 28
checkpoint_advisories 3
zdi 1
talosblog 3
trendmicroblog 1
krebs 1
fireeye 3
myhack58 3
avleonov 1
openvas
openvas
Microsoft Word 2010 Service Pack 2 Multiple RCE Vulnerabilities (KB4011659)
2018-01-10 00:00:00
Microsoft Office Compatibility Pack Service Pack 3 Multiple RCE Vulnerabilities (KB4011607)
2018-01-10 00:00:00
Microsoft Word 2007 Service Pack 3 Multiple Vulnerabilities (KB4011657)
2018-01-10 00:00:00
mskb
mskb
Description of the security update for Word 2010: January 9, 2018
2018-01-19 08:00:00
Security update 2018-01-19
2018-01-19 08:00:00
Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: January 9, 2018
2018-01-19 08:00:00
nessus
nessus
Security Updates for Microsoft Office Products (January 2018)
2018-01-10 00:00:00
Security Updates for Microsoft Word Products (January 2018)
2018-01-09 00:00:00
Security Updates for Microsoft Office Viewer Products (January 2018)
2018-01-09 00:00:00
cve
cve
CVE-2018-0849
2018-01-22 23:29:00
CVE-2018-0805
2018-01-10 01:29:00
CVE-2018-0848
2018-01-22 23:29:00
prion
prion
Remote code execution
2018-01-22 23:29:00
Remote code execution
2018-01-22 23:29:00
Remote code execution
2018-01-10 01:29:00
kaspersky
kaspersky
KLA11183 Memory corruption vulnerabilities in Microsoft Office
2018-01-19 00:00:00
KLA11170 Multiple vulnerabilities in Microsoft Office
2018-01-09 00:00:00
KLA11180 Multiple vulnerabilities in Microsoft Office Online
2018-01-09 00:00:00
attackerkb
attackerkb
CVE-2018-0802
2018-01-10 00:00:00
CVE-2018-0798
2018-01-10 00:00:00
carbonblack
carbonblack
Threat Analysis Unit (TAU) Threat Intelligence Notification: Tick Downloaders (Operation ENDTRADE)
2019-12-10 15:34:53
Technical Analysis: Hackers Leveraging COVID-19 Pandemic to Launch Phishing Attacks, Fake Apps/Maps, Trojans, Backdoors, Cryptominers, Botnets & Ransomware
2020-03-19 20:48:06
cisa_kev
cisa_kev
Microsoft Office Memory Corruption Vulnerability
2021-11-03 00:00:00
Microsoft Office Memory Corruption Vulnerability
2021-11-03 00:00:00
threatpost
threatpost
PortDoor Espionage Malware Takes Aim at Russian Defense Sector
2021-04-30 19:32:34
Novel 'Victory' Backdoor Spotted in Chinese APT Campaign
2021-06-07 18:49:44
Despite Ringleader’s Arrest, Cobalt Group Still Active
2018-05-28 12:21:42
thn
thn
New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer
2021-05-03 07:34:00
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
2022-05-11 12:37:00
Bitter APT Hackers Continue to Target Bangladesh Military Entities
2022-07-06 09:51:00
mscve
mscve
Microsoft Office Remote Code Execution Vulnerability
2018-01-09 08:00:00
Microsoft Office Memory Corruption Vulnerability
2018-01-09 08:00:00
Microsoft Office Memory Corruption Vulnerability
2018-01-19 08:00:00
symantec
symantec
Microsoft Word CVE-2018-0805 Remote Code Execution Vulnerability
2018-01-09 00:00:00
Microsoft Word CVE-2018-0794 Remote Code Execution Vulnerability
2018-01-09 00:00:00
Microsoft Office CVE-2018-0812 Memory Corruption Vulnerability
2018-01-09 00:00:00
qualysblog
qualysblog
January Patch Tuesday – Meltdown/Spectre, 16 Critical Microsoft Patches, 1 Adobe Patch
2018-01-09 19:56:57
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
2023-07-18 13:38:53
mssecure
mssecure
Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks
2018-11-28 21:46:48
securelist
securelist
The leap of a Cycldek-related threat actor
2021-04-05 10:00:22
MosaicRegressor: Lurking in the Shadows of UEFI
2020-10-05 10:00:45
Spam and phishing in 2022
2023-02-16 08:00:07
checkpoint_advisories
checkpoint_advisories
Microsoft Office Remote Code Execution (CVE-2018-0798)
2019-07-10 00:00:00
Microsoft Office Equation Memory Corruption Remote Code Execution (CVE-2018-0802)
2018-01-08 00:00:00
Microsoft Word Memory Corruption (CVE-2018-0797)
2018-01-09 00:00:00
zdi
zdi
Microsoft Office Excel Formula Type Confusion Information Disclosure Vulnerability
2018-02-21 00:00:00
talosblog
talosblog
Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2
2018-07-24 22:24:00
Microsoft Patch Tuesday - January 2018
2018-01-09 13:36:00
Microsoft Patch Tuesday - February 2018
2018-02-13 13:26:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 8, 2018
2018-01-12 15:09:44
krebs
krebs
Microsoft’s Jan. 2018 Patch Tuesday Lowdown
2018-01-10 16:07:35
fireeye
fireeye
APT37 (Reaper): The Overlooked North Korean Actor
2018-02-20 08:30:00
Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities
2019-06-05 15:00:00
Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One
2020-04-06 00:00:00
myhack58
myhack58
A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net
2018-12-25 00:00:00
A CVE-2017-11882 vulnerability is a new variation of a sample of the debugging and analysis-vulnerability warning-the black bar safety net
2018-12-02 00:00:00
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00
avleonov
avleonov
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
2023-09-30 19:31:42
JSON
Related for SMB_NT_MS18_JAN_OFFICE_COMPATIBILITY.NASL
openvas18mskb23nessus7cve18prion18kaspersky3attackerkb2carbonblack2cisa_kev2threatpost5thn7mscve16symantec12qualysblog5mssecure1securelist28checkpoint_advisories3zdi1talosblog3trendmicroblog1krebs1fireeye3myhack583avleonov1