Lucene search
Copyright (C) 2018 Greenbone AGOPENVAS:1361412562310814252HistoryOct 10, 2018 - 12:00 a.m.
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2018)
2018-10-1000:00:00
Copyright (C) 2018 Greenbone AG
plugins.openvas.org
141
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.317 Low
EPSS
Percentile
96.9%
This host is missing an important security
update according to Microsoft Office Click-to-Run updates.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.814252");
script_version("2024-02-19T05:05:57+0000");
script_cve_id("CVE-2018-8502", "CVE-2018-8501", "CVE-2018-8504", "CVE-2018-8432");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_tag(name:"creation_date", value:"2018-10-10 11:39:37 +0530 (Wed, 10 Oct 2018)");
script_name("Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2018)");
script_tag(name:"summary", value:"This host is missing an important security
update according to Microsoft Office Click-to-Run updates.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- Errors in Microsoft Excel, Microsoft PowerPoint and Microsoft Word
when the software fails to properly handle objects in Protected View.
- Missing update for Microsoft Office that provides enhanced security as a
defense-in-depth measure.
- An error in the way that Microsoft Graphics Components handle objects in
memory.");
script_tag(name:"impact", value:"Successful exploitation will allow an attacker
to run arbitrary code in the context of the current user.");
script_tag(name:"affected", value:"Microsoft Office 365 (2016 Click-to-Run).");
script_tag(name:"solution", value:"Upgrade to latest version of Microsoft Office
365 (2016 Click-to-Run) with respect to update channel used. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8502");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180026");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8501");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8504");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8432");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-gb/officeupdates/release-notes-office365-proplus");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone AG");
script_family("Windows : Microsoft Bulletins");
script_dependencies("gb_ms_office_click2run_detect_win.nasl");
script_mandatory_keys("MS/Off/C2R/Ver", "MS/Office/C2R/UpdateChannel");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
officeVer = get_kb_item("MS/Off/C2R/Ver");
if(!officeVer || officeVer !~ "^16\."){
exit(0);
}
UpdateChannel = get_kb_item("MS/Office/C2R/UpdateChannel");
officePath = get_kb_item("MS/Off/C2R/InstallPath");
## 1809 (Build 10827.20150)
if(UpdateChannel == "Monthly Channel")
{
if(version_is_less(version:officeVer, test_version:"16.0.10827.20150")){
fix = "1809 (Build 10827.20150)";
}
}
##1808 (Build 10730.20155)
else if(UpdateChannel == "Semi-Annual Channel (Targeted)")
{
if(version_is_less(version:officeVer, test_version:"16.0.10730.20155")){
fix = "1808 (Build 10730.20155)";
}
}
##Version 1708 (Build 8431.2316)
##Version 1803 (Build 9126.2295)
else if(UpdateChannel == "Semi-Annual Channel")
{
if(version_is_less(version:officeVer, test_version:"16.0.8431.2316")){
fix = "Version 1708 (Build 8431.2316)";
}
else if(version_in_range(version:officeVer, test_version:"16.0.9000", test_version2:"16.0.9126.2294")){
fix = "1803 (Build 9126.2295)";
}
}
if(fix)
{
report = report_fixed_ver(installed_version:officeVer, fixed_version:fix, install_path:officePath);
security_message(data:report);
exit(0);
}
exit(99);
References
docs.microsoft.com/en-gb/officeupdates/release-notes-office365-proplus
portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180026
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8432
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8501
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8502
portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8504
Related
nessus
nessus
Security Updates for Microsoft Office Products (October 2018)
2018-10-09 00:00:00
Security Updates for Microsoft Office Products C2R (October 2018)
2022-06-10 00:00:00
openvas
openvas
Microsoft Office 2013 Service Pack 1 Multiple Vulnerabilities (KB4461445)
2018-10-10 00:00:00
Microsoft Office 2016 Multiple Vulnerabilities (KB4461437)
2018-10-10 00:00:00
mskb
mskb
Description of the security update for Office 2010: October 9, 2018
2018-10-09 07:00:00
Description of the security update for Office 2016: October 9, 2018
2018-10-09 07:00:00
Description of the security update for Office 2013: October 9, 2018
2018-10-09 07:00:00
kaspersky
kaspersky
KLA11334 Multiple vulnerabilities in Microsoft Office
2018-10-09 00:00:00
KLA11889 Multiple vulnerabilities in Microsoft Products (ESU)
2018-10-09 00:00:00
KLA11333 Multiple vulnerabilities in Microsoft Windows
2018-10-09 00:00:00
prion
prion
Remote code execution
2018-10-10 13:29:00
Remote code execution
2018-10-10 13:29:00
Remote code execution
2018-10-10 13:29:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2018-10-09 07:00:00
Microsoft PowerPoint Remote Code Execution Vulnerability
2018-10-09 07:00:00
Microsoft Word Remote Code Execution Vulnerability
2018-10-09 07:00:00
symantec
symantec
Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
2018-10-09 00:00:00
Microsoft Excel CVE-2018-8502 Security Bypass Vulnerability
2018-10-09 00:00:00
cve
cve
talosblog
talosblog
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.317 Low
EPSS
Percentile
96.9%
Related for OPENVAS:1361412562310814252