{"id": "SECURITYVULNS:VULN:12465", "bulletinFamily": "software", "title": "Microsoft Office security vulnerabilities", "description": "VBA unsafe library loading, Office for Mac weak files permissions.", "published": "2012-07-11T00:00:00", "modified": "2012-07-11T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12465", "reporter": "MICROSOFT", "references": [], "cvelist": ["CVE-2012-1894", "CVE-2012-1854"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:47", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "df3cf859d825af0bee3763a8cee73a81"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "5d45dc664d6e31fa4fdd2aa3cce0b636"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "220a315e1abf6c00fbb1b4d7e0910bd4"}, {"key": "href", "hash": "7dfc5951ef57c0c603dab04a45953037"}, {"key": "modified", "hash": "2079404fd23c6f7cc2cdae104d5bbc5a"}, {"key": "published", "hash": "2079404fd23c6f7cc2cdae104d5bbc5a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6ef686b32faf3c870b16770ecf4de086"}, {"key": "title", "hash": "967a50dd75a9f404590a28de60dec22f"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "102ebeef558906d1e6cd85af45ccaadf05fc451902c8ca25b3431a1f434f80e5", "viewCount": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:47"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1894", "CVE-2012-1854"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310903034", "OPENVAS:901210", "OPENVAS:903034", "OPENVAS:1361412562310901210"]}, {"type": "nessus", "idList": ["SMB_NT_MS12-046.NASL", "MACOSX_MS12-051.NASL"]}, {"type": "seebug", "idList": ["SSV:60274"]}], "modified": "2018-08-31T11:09:47"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "Office", "operator": "eq", "version": "2010"}, {"name": "Office", "operator": "eq", "version": "2007"}, {"name": "Office", "operator": "eq", "version": "2003"}]}

{"cve": [{"lastseen": "2018-10-13T11:35:46", "bulletinFamily": "NVD", "description": "Microsoft Office for Mac 2011 uses world-writable permissions for the \"Applications/Microsoft Office 2011/\" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka \"Office for Mac Improper Folder Permissions Vulnerability.\"", "modified": "2018-10-12T18:03:00", "published": "2012-07-10T17:55:06", "id": "CVE-2012-1894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1894", "title": "CVE-2012-1894", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-13T11:35:46", "bulletinFamily": "NVD", "description": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012.", "modified": "2018-10-12T18:02:45", "published": "2012-07-10T17:55:05", "id": "CVE-2012-1854", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1854", "title": "CVE-2012-1854", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:43:52", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-046.", "modified": "2018-10-12T00:00:00", "published": "2012-07-11T00:00:00", "id": "OPENVAS:1361412562310903034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903034", "title": "Visual Basic for Applications Remote Code Execution Vulnerability (2707960)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-046.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Visual Basic for Applications Remote Code Execution Vulnerability (2707960)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903034\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-1854\");\n script_bugtraq_id(54303);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 12:07:45 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Visual Basic for Applications Remote Code Execution Vulnerability (2707960)\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\",\n \"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code affected system.\");\n script_tag(name:\"affected\", value:\"Microsoft Visual Basic for Applications,\n Microsoft Office 2003 Service Pack 3 and prior,\n Microsoft Office 2007 Service Pack 3 and prior,\n Microsoft Office 2010 Service Pack 1 and prior.\");\n script_tag(name:\"insight\", value:\"Microsoft Visual Basic for Applications incorrectly restricts the path used\n for loading external libraries, which can be exploited by tricking a user to\n open a legitimate Microsoft Office related file located in the same network\n directory as a specially crafted dynamic link library (DLL) file.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and install the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS12-046.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/49800/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/976321\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2598243\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/KB/2598361\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2553447\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2688865\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/KB2598361\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-046\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\ndllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(!dllPath){\n exit(0);\n}\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\ndllVer6 = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\VBA\\VBA6\\VBE6.DLL\");\n\nif(dllVer6)\n{\n if(version_is_less(version:dllVer6, test_version:\"6.5.10.54\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nif(officeVer =~ \"^14\\..*\")\n{\n dllVer7 = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\VBA\\VBA7\\VBE7.DLL\");\n\n if(dllVer7)\n {\n if(version_in_range(version:dllVer7, test_version:\"7.0\", test_version2:\"7.0.16.26\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n accVer = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\OFFICE14\\ACEES.DLL\");\n\n if(accVer)\n {\n if(version_in_range(version:accVer, test_version:\"14.0\", test_version2:\"14.0.6015.999\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:49", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-051.", "modified": "2017-04-25T00:00:00", "published": "2012-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=901210", "id": "OPENVAS:901210", "title": "Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-051_macosx.nasl 6022 2017-04-25 12:51:04Z teissa $\n#\n# Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code\n in the security context of the current user.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Office 2011 for Mac\";\ntag_insight = \"The application being installed with insecure folder permissions and can\n be exploited to create arbitrary files in certain directories.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-051\";\ntag_summary = \"This host is missing an important security update according to\n Microsoft Bulletin MS12-051.\";\n\nif(description)\n{\n script_id(901210);\n script_version(\"$Revision: 6022 $\");\n script_cve_id(\"CVE-2012-1894\");\n script_bugtraq_id(54361);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 08:54:28 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49876/\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-051\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_require_keys(\"MS/Office/MacOSX/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\noffVer = \"\";\n\n## Get the version from KB\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\nif(!offVer){\n exit(0);\n}\n\n## Check for Office Version 2011 (14.2.3)\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.2.2\")){\n security_message(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:44", "bulletinFamily": "scanner", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS12-046.", "modified": "2017-04-11T00:00:00", "published": "2012-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=903034", "id": "OPENVAS:903034", "title": "Visual Basic for Applications Remote Code Execution Vulnerability (2707960)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-046.nasl 5931 2017-04-11 09:02:04Z teissa $\n#\n# Visual Basic for Applications Remote Code Execution Vulnerability (2707960)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code affected system.\n Impact Level: System/Application\";\ntag_affected = \"Microsoft Visual Basic for Applications\n Microsoft Office 2003 Service Pack 3 and prior\n Microsoft Office 2007 Service Pack 3 and prior\n Microsoft Office 2010 Service Pack 1 and prior\";\ntag_insight = \"Microsoft Visual Basic for Applications incorrectly restricts the path used\n for loading external libraries, which can be exploited by tricking a user to\n open a legitimate Microsoft Office related file located in the same network\n directory as a specially crafted dynamic link library (DLL) file.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms12-046\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS12-046.\";\n\nif(description)\n{\n script_id(903034);\n script_version(\"$Revision: 5931 $\");\n script_cve_id(\"CVE-2012-1854\");\n script_bugtraq_id(54303);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 12:07:45 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Visual Basic for Applications Remote Code Execution Vulnerability (2707960)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\",\n \"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/49800/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/976321\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2598243\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/KB/2598361\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2553447\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2688865\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/KB2598361\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms12-046\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variable Initialization\nofficeVer = \"\";\ndllPath = \"\";\ndllVer6 = \"\";\ndllVer7 = \"\";\naccVer = \"\";\n\n## Get CommonFilesDir path\ndllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"CommonFilesDir\");\nif(!dllPath){\n exit(0);\n}\n\n### Confirm the office 2003, 2007 and 2010 installation.\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\n## Grep VBE6.DLL file version.\ndllVer6 = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\VBA\\VBA6\\VBE6.DLL\");\n\nif(dllVer6)\n{\n ## Check for VBE6.DLL version\n if(version_is_less(version:dllVer6, test_version:\"6.5.10.54\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nif(officeVer =~ \"^14\\..*\")\n{\n ## Grep VBE7.DLL file version.\n dllVer7 = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\VBA\\VBA7\\VBE7.DLL\");\n\n if(dllVer7)\n {\n ## Check for VBE7.DLL version\n if(version_in_range(version:dllVer7, test_version:\"7.0\", test_version2:\"7.0.16.26\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n ## Grep for ACEES.DLL file version\n accVer = fetch_file_version(sysPath:dllPath,\n file_name:\"Microsoft Shared\\OFFICE14\\ACEES.DLL\");\n\n if(accVer)\n {\n ## Check for ACEES.DLL file version\n if(version_in_range(version:accVer, test_version:\"14.0\", test_version2:\"14.0.6015.999\")){\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:42:31", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS12-051.", "modified": "2018-10-12T00:00:00", "published": "2012-07-11T00:00:00", "id": "OPENVAS:1361412562310901210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310901210", "title": "Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms12-051_macosx.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.901210\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-1894\");\n script_bugtraq_id(54361);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-11 08:54:28 +0530 (Wed, 11 Jul 2012)\");\n script_name(\"Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/49876/\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-051\");\n\n script_copyright(\"Copyright (C) 2012 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code\n in the security context of the current user.\");\n script_tag(name:\"affected\", value:\"Microsoft Office 2011 for Mac\");\n script_tag(name:\"insight\", value:\"The application being installed with insecure folder permissions and can\n be exploited to create arbitrary files in certain directories.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and install the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS12-051.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\nif(!offVer){\n exit(0);\n}\n\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.2.2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:55:25", "bulletinFamily": "exploit", "description": "Bugtraq ID:54361\r\nCVE ID:CVE-2012-1894\r\n\r\nMicrosoft Office\u662f\u4e00\u6b3e\u5fae\u8f6f\u63d0\u4f9b\u7684\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\u3002\r\nMicrosoft Office for Mac 2011\u8bbe\u7f6e\u7684&quot;Applications/Microsoft Office 2011/&quot;\u76ee\u5f55\u548c\u5176\u4ed6\u76ee\u5f55\u4e3a\u5168\u5c40\u53ef\u5199\u6743\u9650\uff0c\u672c\u5730\u7528\u6237\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u8fd9\u4e9b\u76ee\u5f55\u4e4b\u4e2d\u653e\u7f6e\u6076\u610f\u76ee\u5f55\uff0c\u6765\u4ee5\u76ee\u6807\u7528\u6237\u7279\u6743\u6267\u884c\u6076\u610f\u4ee3\u7801\u3002\n0\nMicrosoft Office for Mac 2011\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS12-051", "modified": "2012-07-11T00:00:00", "published": "2012-07-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60274", "id": "SSV:60274", "type": "seebug", "title": "Microsoft Office for Mac\u4e0d\u6b63\u786e\u6587\u4ef6\u5939\u6743\u9650\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:14:02", "bulletinFamily": "scanner", "description": "The version of Visual Basic for Applications installed on the remote\nhost is affected by an insecure library loading vulnerability.\n\nA remote attacker could exploit this flaw by tricking a user into\nopening a legitimate Microsoft Office file located in the same\ndirectory as a maliciously crafted dynamic link library (DLL) file,\nresulting in arbitrary code execution.\n\nNote that if an affected copy of VBE6.DLL was installed by a third-\nparty application, it may be necessary to contact that application's\nvendor for an update.", "modified": "2018-11-15T00:00:00", "published": "2012-07-11T00:00:00", "id": "SMB_NT_MS12-046.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59909", "title": "MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59909);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2012-1854\");\n script_bugtraq_id(54303);\n script_xref(name:\"MSFT\", value:\"MS12-046\");\n script_xref(name:\"IAVA\", value:\"2012-A-0109\");\n script_xref(name:\"MSKB\", value:\"2598361\");\n script_xref(name:\"MSKB\", value:\"2596744\");\n script_xref(name:\"MSKB\", value:\"2598243\");\n script_xref(name:\"MSKB\", value:\"2553447\");\n script_xref(name:\"MSKB\", value:\"2688865\");\n script_xref(name:\"MSKB\", value:\"2687626\");\n\n script_name(english:\"MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)\");\n script_summary(english:\"Checks version of Vbe6.dll / Vbe7.dll / Vbajet32.Dll\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"Arbitrary code can be executed on the remote host through Visual Basic\nfor Applications.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Visual Basic for Applications installed on the remote\nhost is affected by an insecure library loading vulnerability.\n\nA remote attacker could exploit this flaw by tricking a user into\nopening a legitimate Microsoft Office file located in the same\ndirectory as a maliciously crafted dynamic link library (DLL) file,\nresulting in arbitrary code execution.\n\nNote that if an affected copy of VBE6.DLL was installed by a third-\nparty application, it may be necessary to contact that application's\nvendor for an update.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2269637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for Office as well as Visual\nBasic for Applications Runtime and SDK.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_basic_software_development_kit\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS12-046';\nkbs = make_list('2598361', '2596744', '2598243', '2553447', '2688865', '2687626');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\ncommon = hotfix_get_commonfilesdir();\nif (!common) exit(1, \"hotfix_get_commonfilesdir() failed.\");\n\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:common);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# Determine the applicable KB for the VBA6 related software\nvba6_kb = '2688865';\noffice_ver = hotfix_check_office_version();\nif (office_ver)\n{\n # Office 2007\n if (office_ver['12.0']) vba6_kb = \"2596744\";\n # Office 2003\n else if (office_ver['11.0']) vba6_kb = \"2598361\";\n}\n\nvuln = 0;\n\n# Office 2010\nif (office_ver['14.0'])\n{\n vuln += hotfix_is_vulnerable(path:common+\"\\Microsoft Shared\\VBA\\VBA7\", file:\"Vbe7.dll\", version:\"7.00.16.27\", bulletin:bulletin, kb:\"2598243\");\n vuln += hotfix_is_vulnerable(path:common+\"\\Microsoft Shared\\OFFICE14\", file:\"Vbajet32.Dll\", version:\"6.0.1.1627\", bulletin:bulletin, kb:\"2553447\");\n}\n\n# Office 2003 / 2007 / VBA\nvuln += hotfix_is_vulnerable(path:common+\"\\Microsoft Shared\\VBA\\VBA6\", file:\"Vbe6.dll\", version:\"6.5.10.54\", bulletin:bulletin, kb:vba6_kb);\n\nif (vuln > 0)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n exit(0, 'The host is not affected.');\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:14:02", "bulletinFamily": "scanner", "description": "The remote Mac OS X host is running a version of Microsoft Office for\nMac that is affected by a privilege escalation vulnerability in the\nway that folder permissions are set in certain installations. If an\nattacker places a malicious executable in the Office 2011 folder and\nlures a user into logging in and running that executable, he could\ncause arbitrary code to be executed in the context of that user.\n\nNote that this issue is primarily a risk on shared workstations, such\nas in a library or an Internet cafe.", "modified": "2018-07-14T00:00:00", "published": "2012-07-11T00:00:00", "id": "MACOSX_MS12-051.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59914", "title": "MS12-051: Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) (Mac OS X)", "type": "nessus", "sourceData": "#TRUSTED 14606f3684ec224d1eb8050437154963fbf2ed67a2ca6079511b4d2f0758bb69308db2ff090c648c3a8e6c025293ba2aefba0a89c9fda9f8574dc503e6c138143b16d720ded19c483feb79ff6711ae6ddd5b26260ed2bb65b60d93b973735dc6cb374cfdbd508710bc1c6de1cc22638cecb8ef431041201d3df12fb6a42f6484ba7a6a4aa6cd69d569640b1fe916adde4329bb83887271a13f176f5ad9976d346caa2cb193a329c2da36cbf2a95a10087ab462fbe57697174dea33e715a48418a57becb086fdc8cdc9c87b73b22b7a1478191e1244d913762c55fc727ec5ecd9334fe14af6b8c1f1f43b2c7b11f62546b0f6aba6c5990f480f526c10e5c1ec5d3dcdd8d0e4e84ae26832a8e9787412277d37a5bf331f25bed1ea58111dca63480240fb05699c88a00149b07c70cfdc8be07015182128b0c1d77411a06657c9da6f2e19b0ddc03e99600e34f06d789c4d9832c3e2c596f4a32dc1cdee679a5b62d6a68991dc30be04ea21df816c21a59d0601ac9cac37064b015c52418b24851daac2b5623006a324b036cc3fd79dd10b94e57536a1d5ff6c8a3da2687895ef76ef6e48acf9976c838e8170e00f485ee2d0b8e0ca95765f54829f76b9c910bc5c89ee98ce77eea3b970c203ab78f5f3940c75e5262086b16eeefa4e974a30849bde9330102d3e824e34b45c2e61b24416c7d10a78f687cb90d754a7eedbb73a06\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59914);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\"CVE-2012-1894\");\n script_bugtraq_id(54361);\n script_xref(name:\"MSFT\", value:\"MS12-051\");\n script_xref(name:\"MSKB\", value:\"2721015\");\n\n script_name(english:\"MS12-051: Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) (Mac OS X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"An application installed on the remote Mac OS X host is affected by an\nelevation of privilege vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host is running a version of Microsoft Office for\nMac that is affected by a privilege escalation vulnerability in the\nway that folder permissions are set in certain installations. If an\nattacker places a malicious executable in the Office 2011 folder and\nlures a user into logging in and running that executable, he could\ncause arbitrary code to be executed in the context of that user.\n\nNote that this issue is primarily a risk on shared workstations, such\nas in a library or an Internet cafe.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms12-051\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a patch for Office for Mac 2011.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2011::mac\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office for Mac 2011';\nplist = \"/Applications/Microsoft Office 2011/Office/MicrosoftComponentPlugin.framework/Versions/14/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^14\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '14.2.3';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n\n\n# Report findings.\nif (info)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:info);\n else security_warning(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac 2011 is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}