Lucene search
K

Microsoft Office Multiple Remote Code Execution Vulnerabilities (3199168) - Mac OS X

🗓️ 17 Nov 2016 00:00:00Reported by Copyright (C) 2016 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 57 Views

Multiple Remote Code Execution Vulnerabilities in Microsoft Office for Mac OS

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the Microsoft Office Compatibility Pack, the Microsoft Word text editor, and the Microsoft Office software suite allows a perpetrator to execute arbitrary code.
8 Dec 201600:00
bdu_fstec
BDU FSTEC
The vulnerability of the Microsoft Office Compatibility Pack, the Microsoft Excel Viewer, and the Microsoft Excel spreadsheet editor allows a perpetrator to execute arbitrary code.
8 Dec 201600:00
bdu_fstec
BDU FSTEC
Vulnerability of Microsoft Excel spreadsheet editors, Microsoft Excel Viewer for spreadsheet viewing, and the Microsoft Office Compatibility Pack, which allows a hacker to execute arbitrary code.
8 Dec 201600:00
bdu_fstec
BDU FSTEC
The vulnerability of Microsoft Excel editors, along with the Microsoft Office Compatibility Pack, allows a perpetrator to execute arbitrary code.
8 Dec 201600:00
bdu_fstec
BDU FSTEC
The vulnerability of Microsoft Excel spreadsheet editors and the Microsoft Office Compatibility Pack allows a perpetrator to execute arbitrary code.
27 Dec 201600:00
bdu_fstec
Circl
CVE-2016-7228
31 Aug 202503:01
circl
CNVD
Microsoft Office Memory Corruption Vulnerability (CNVD-2016-10966)
9 Nov 201600:00
cnvd
CNVD
Microsoft Office Memory Corruption Vulnerability (CNVD-2016-10968)
9 Nov 201600:00
cnvd
CNVD
Microsoft Office Memory Corruption Vulnerability (CNVD-2016-10969)
9 Nov 201600:00
cnvd
CNVD
Microsoft Office Memory Corruption Vulnerability (CNVD-2016-10970)
9 Nov 201600:00
cnvd
Rows per page
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:microsoft:office";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.809727");
  script_version("2026-04-28T06:28:06+0000");
  script_cve_id("CVE-2016-7213", "CVE-2016-7228", "CVE-2016-7229", "CVE-2016-7231",
                "CVE-2016-7232");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2026-04-28 06:28:06 +0000 (Tue, 28 Apr 2026)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-10-12 22:14:00 +0000 (Fri, 12 Oct 2018)");
  script_tag(name:"creation_date", value:"2016-11-17 11:34:42 +0530 (Thu, 17 Nov 2016)");
  script_tag(name:"qod_type", value:"executable_version");
  script_name("Microsoft Office Multiple Remote Code Execution Vulnerabilities (3199168) - Mac OS X");

  script_tag(name:"summary", value:"This host is missing an important security
  update according to Microsoft Bulletin MS16-133");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists as office software fails to
  properly handle objects in memory.");

  script_tag(name:"impact", value:"Successful exploitation will allow a remote
  attacker to run arbitrary code in the context of the current user.");

  script_tag(name:"affected", value:"- Microsoft Office 2011 on Mac OS X

  - Microsoft Office 2016 on Mac OS X");

  script_tag(name:"solution", value:"Apply the patch from the referenced advisory.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/kb/3198807");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93993");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93996");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93995");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/93994");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94005");
  script_xref(name:"URL", value:"https://support.microsoft.com/en-us/kb/3198798");
  script_xref(name:"URL", value:"https://technet.microsoft.com/library/security/MS16-133");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Mac OS X Local Security Checks");
  script_dependencies("gb_microsoft_office_detect_macosx.nasl");
  script_mandatory_keys("MS/Office/MacOSX/Ver");
  exit(0);
}

include("version_func.inc");

if(!offVer = get_kb_item("MS/Office/MacOSX/Ver")){
  exit(0);
}

if(offVer !~ "^1[45]\."){
  exit(0);
}

if(offVer =~ "^14\." && version_is_less(version:offVer, test_version:"14.7.0"))
{
  report = 'File version:     ' + offVer   + '\n' +
           'Vulnerable range: 14.1.0 - 14.6.9' + '\n' ;
  security_message(data:report);
  exit(0);
}

if(offVer =~ "^15\." && version_is_less(version:offVer, test_version:"15.28"))
{
  report = 'File version:     ' + offVer   + '\n' +
           'Vulnerable range: 15.0 - 15.27' + '\n' ;
  security_message(data:report);
  exit(0);
}
exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation