### Description
Microsoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
### Technologies Affected
* Microsoft Excel 2003 SP3
* Microsoft Excel 2007 SP3
* Microsoft Excel 2010 SP1 (32-bit editions)
* Microsoft Excel 2010 SP1 (64-bit editions)
* Microsoft Excel 2010 SP2 (32-bit editions)
* Microsoft Excel 2010 SP2 (64-bit editions)
* Microsoft Excel Viewer
* Microsoft Office Compatibility Pack SP3
### Recommendations
**Run all software as a nonprivileged user with minimal access rights.**
When possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.

**Deploy network intrusion detection systems to monitor network traffic for malicious activity.**
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.

**Do not follow links provided by unknown or untrusted sources.**
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-62225", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Excel CVE-2013-3159 XML Files Handling Information Disclosure Vulnerability", "description": "### Description\n\nMicrosoft Excel is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Excel 2003 SP3 \n * Microsoft Excel 2007 SP3 \n * Microsoft Excel 2010 SP1 (32-bit editions) \n * Microsoft Excel 2010 SP1 (64-bit editions) \n * Microsoft Excel 2010 SP2 (32-bit editions) \n * Microsoft Excel 2010 SP2 (64-bit editions) \n * Microsoft Excel Viewer \n * Microsoft Office Compatibility Pack SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nWhen possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "published": "2013-09-10T00:00:00", "modified": "2013-09-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/62225", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2013-3159"], "lastseen": "2021-06-08T19:04:00", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-3159"]}, {"type": "mskb", "idList": ["KB2858300"]}, {"type": "nessus", "idList": ["MACOSX_MS13-073.NASL", "SMB_NT_MS13-073.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902996", "OPENVAS:1361412562310902997", "OPENVAS:1361412562310902998", "OPENVAS:1361412562310902999", "OPENVAS:902996", "OPENVAS:902997", "OPENVAS:902998", "OPENVAS:902999"]}, {"type": "ptsecurity", "idList": ["PT-2013-72"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13276"]}]}, "score": {"value": -0.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2013-3159"]}, {"type": "mskb", "idList": ["KB2858300"]}, {"type": "nessus", "idList": ["BLUECOAT_MGNT_CONSOLE.NASL", "BLUECOAT_REPORTER.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902996"]}, {"type": "ptsecurity", "idList": ["PT-2013-72"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13276"]}]}, "exploitation": null, "vulnersScore": -0.8}, "affectedSoftware": [{"name": "microsoft excel", "operator": "eq", "version": "2010 SP1 (64-bit editions) "}, {"name": "microsoft excel", "operator": "eq", "version": "2010 SP1 (32-bit editions) "}, {"name": "microsoft excel", "operator": "eq", "version": "2010 SP2 (64-bit editions) "}, {"name": "microsoft excel", "operator": "eq", "version": "2010 SP2 (32-bit editions) "}, {"name": "microsoft excel", "operator": "eq", "version": "2003 SP3 "}, {"name": 
"microsoft excel", "operator": "eq", "version": "2007 SP3 "}], "immutableFields": [], "edition": 2, "scheme": null, "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 1659703426, "affected_software_major_version": 1666691171}}
{"ptsecurity": [{"lastseen": "2021-10-22T10:43:38", "description": "# PT-2013-72: XML External Entities Resolution vulnerability in Microsoft Office Excel\n\n## Vulnerable software\n\nMicrosoft Office Excel \nVersion: 2010 SP2 and earlier; 2007 SP3 and earlier; 2003 SP3 and earlier\n\nMicrosoft Excel Viewer \nVersion: 2007 SP3 and earlier\n\nLink: \n<http://microsoft.com/>[](<http://qutim.org/>)\n\n## Severity level\n\nSeverity level: Medium \nImpact: Internal Network Resources and File System Access, Denial of Service \nAccess Vector: Remote \n\n\nCVSS v2: \nBase Score: 5.8 \nVector: (AV:N/AC:M/Au:N/C:P/I:N/A:P)\n\nCVE: CVE-2013-3159\n\n## Software description\n\nMicrosoft Office Excel is a commercial spreadsheet application written and distributed by Microsoft for Microsoft Windows and Mac OS X. \n\n## Vulnerability description\n\nThe specialists of the Positive Research center have detected an XML External Entities Resolution vulnerability in Microsoft Office Excel.\n\nThe vulnerability is possible due to unsafe parsing of XML external entities. If an attacker makes a victim open a specially crafted XML document, Microsoft Office Excel installed on the vistim's system will automatically send the contents of local or remote resource to the attacker's server. 
It also makes possible to conduct denial of service attacks.\n\n## How to fix\n\nUse vendor's advisory: \n<http://technet.microsoft.com/en-us/security/bulletin/ms13-073>\n\n## Advisory status\n\n26.11.2012 - Vendor gets vulnerability details \n10.09.2013 - Vendor releases fixed version and details \n09.10.2013 - Public disclosure\n\n## Credits\n\nThe vulnerability was detected by Timur Yunusov, Alexey Osipov and Ilya Karpov, Positive Research Center (Positive Technologies Company)\n\n## References\n\n<http://en.securitylab.ru/lab/PT-2013-72> \n\n\nReports on the vulnerabilities previously discovered by Positive Research:\n\n<http://www.ptsecurity.com/research/advisory/> \n<http://en.securitylab.ru/lab/>\n", "cvss3": {}, "published": "2012-11-26T00:00:00", "type": "ptsecurity", "title": "PT-2013-72: XML External Entities Resolution vulnerability in Microsoft Office Excel", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3159"], "modified": "2013-10-09T00:00:00", "id": "PT-2013-72", "href": "https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2013-72/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:51:01", "description": "Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka \"XML 
External Entities Resolution Vulnerability.\"", "cvss3": {}, "published": "2013-09-11T14:03:00", "type": "cve", "title": "CVE-2013-3159", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3159"], "modified": "2018-10-12T22:04:00", "cpe": ["cpe:/a:microsoft:excel:2010", "cpe:/a:microsoft:excel:2007", "cpe:/a:microsoft:excel:2003"], "id": "CVE-2013-3159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3159", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*", "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:x86:*:*"]}], "mskb": [{"lastseen": "2021-01-01T22:40:11", "description": "<html><body><p>This security update addresses the vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files and by correcting how the XML parser used by Excel resolves external entities within a specially crafted file.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-073. 
To view the complete security bulletin, visit one of the following Microsoft websites: <ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-073\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-073</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product 
versions. These articles may contain known issue information. If this is the case, the known issue is listed below each article link. <ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2760583\" id=\"kb-link-8\">2760583 </a> MS13-073: Description of the security update for Microsoft Office Excel 2007: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760588\" id=\"kb-link-9\">2760588 </a> MS13-073: Description of the security update for Microsoft Excel 2007 (xlconv-x-none.msp): September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760590\" id=\"kb-link-10\">2760590 </a> MS13-073: Description of the security update for Microsoft Office Excel Viewer 2007: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2760597\" id=\"kb-link-11\">2760597 </a> MS13-073: Description of the security update for Microsoft Excel 2010: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2768017\" id=\"kb-link-12\">2768017 </a> MS13-073: Description of the security update for Microsoft Excel 2013: September 10, 2013</li><li><a href=\"https://support.microsoft.com/en-us/help/2810048\" id=\"kb-link-13\">2810048 </a> MS13-073: Description of the security update for Microsoft Excel 2003: September 10, 2013</li></ul><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th 
class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">excel2007-kb2760583-fullfile-x86-glb.exe</td><td class=\"sbody-td\">8FD16A3D1C4DA075891721202BC5734B75229F21</td><td class=\"sbody-td\">A741EA7CE7FABB40D011C3141EBBB06C6B6473DB23B57D90A8A52A24A5820AE0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">excel2010-kb2760597-fullfile-x64-glb.exe</td><td class=\"sbody-td\">EA9BEBA1E7D06C13531A67671A5E73259FBDE93D</td><td class=\"sbody-td\">134497AEA1D38DB03032CD58BFF4B619D8CD16938709E1EE7F73EDFCE59A6CDF</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">excel2010-kb2760597-fullfile-x86-glb.exe</td><td class=\"sbody-td\">0A329ED77A783DBAE7DB221DEA444E2508671A38</td><td class=\"sbody-td\">FE471E005A512AD64B9F4DD9CE653741A7874E6088D48E6BD78F3C582191832A</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">graph2010-kb2687275-fullfile-x64-glb.exe</td><td class=\"sbody-td\">07D569E5CA650CB5E4BDF090E4BE6EAC91511018</td><td class=\"sbody-td\">98999DDB40B437D0A2E9C9DA6827F6A369F7D914E0FF1E6F0A8AD468797CFC13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">graph2010-kb2687275-fullfile-x86-glb.exe</td><td class=\"sbody-td\">71598A0D6E189AD0D4E4785EC5ACC2A4F4823814</td><td class=\"sbody-td\">32458E0DDDBD6D9805C94E419B567050AE0943CFC8B333FBAAA7734033F38AE2</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wdsrv2010-kb2760755-fullfile-x64-glb.exe</td><td class=\"sbody-td\">F55883F6C0D5A5EDD2F04747880159D96A72743F</td><td class=\"sbody-td\">5B4F1B2D87C63D0B9DCB017FF5B09ED309A7C8402AD34694FACEB1F43150E126</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlconv2007-kb2760588-fullfile-x86-glb.exe</td><td class=\"sbody-td\">60F61CB663E9562E32799E2188D11DB346313E31</td><td class=\"sbody-td\">6644B99D1A83B7D32D8D9C8A90FEE7742160A3B6F020FE3BF303FE454CD0ABEB</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrv2010-kb2760595-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B4D49782733AC2158F1C07177DB44320A543AC34</td><td 
class=\"sbody-td\">CAA100BC32C152A21E0391D3779360E70F8062006C938A7E2D3F51F378C0ECF0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvapp2007-kb2760589-fullfile-x64-glb.exe</td><td class=\"sbody-td\">B188BF54191B670760C514ED44A8066FC03A528A</td><td class=\"sbody-td\">295C2683D3D0BC90604694735F1C20C98B350217BEC7BCB8F0E35A8567F9D768</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlsrvapp2007-kb2760589-fullfile-x86-glb.exe</td><td class=\"sbody-td\">6E90D96E807A8694CEBFA1459F2AB696FDD56DF6</td><td class=\"sbody-td\">6AA3CC62A521B10629C4998567A63A3BEC61F48243780AA79C40F96FAF7B8B44</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlview2007-kb2760590-fullfile-x86-glb.exe</td><td class=\"sbody-td\">55C7B6442366AFC6EACFDF6047EA9F1335933B0D</td><td class=\"sbody-td\">EF672F28301954566CC33E9425155729AF1EF9E350EB055E735DF464DB1A9F95</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">xlwac2010-kb2760594-fullfile-x64-glb.exe</td><td class=\"sbody-td\">722CDD51E9AF23F29372D020938AEFC5DA350096</td><td class=\"sbody-td\">E7116450C7F9304939EFA1F74B9D0E2655243455964478DA485229CD7D55EBF3</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "edition": 2, "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "mskb", "title": "MS13-073: Vulnerabilities in Microsoft Excel could allow remote code execution: September 10, 2013", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2013-09-10T17:10:48", 
"id": "KB2858300", "href": "https://support.microsoft.com/en-us/help/2858300/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:53:54", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902999", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902999\");\n script_version(\"2020-06-09T08:59:39+0000\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 08:59:39 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:54:46 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-073.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists when processing XML data, which can be exploited to\n disclose contents of certain local files by sending specially crafted XML\n data including external entity references.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3 and prior.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to corrupt memory and\n disclose sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760588\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\", \"SMB/Office/XLCnv/Version\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\ncmpPckVer = get_kb_item(\"SMB/Office/ComptPack/Version\");\nif(cmpPckVer && cmpPckVer =~ \"^12\\.\")\n{\n xlcnvVer = get_kb_item(\"SMB/Office/XLCnv/Version\");\n if(xlcnvVer && xlcnvVer =~ \"^12\\.\")\n {\n if(version_in_range(version:xlcnvVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:03", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Excel Remote Code Execution Vulnerabilities 
(2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2017-05-11T00:00:00", "id": "OPENVAS:902997", "href": "http://plugins.openvas.org/nasl.php?oid=902997", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_excel_ms13-073.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Microsoft Office Excel Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(902997);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:11:33 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Excel Remote Code Execution Vulnerabilities (2858300)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws exists when processing XML data, which can be exploited to\ndisclose contents of certain local files by sending specially crafted XML\ndata including external entity references.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to corrupt memory and\ndisclose sensitive information.\n\nImpact Level: Application \";\n\n tag_affected =\n\"Microsoft Excel 2013\nMicrosoft Excel 2003 Service Pack 3 and prior\nMicrosoft Excel 2007 Service Pack 3 and prior\nMicrosoft Excel 2010 Service Pack 2 and prior\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-073\";\n\n\n script_tag(name : 
\"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2810048\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760583\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760597\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2768017\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nexcelVer = \"\";\n\n## Check for Office Excel 2003/2007/2010/2013\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(excelVer =~ \"^(11|12|14|15)\\..*\")\n{\n ## Check version Excel.exe\n if(version_in_range(version:excelVer, test_version:\"11.0\", test_version2:\"11.0.8403\") ||\n version_in_range(version:excelVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\") ||\n version_in_range(version:excelVer, test_version:\"14.0\", test_version2:\"14.0.7104.4999\") ||\n version_in_range(version:excelVer, test_version:\"15.0\", test_version2:\"15.0.4535.1002\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2020-01-08T14:02:23", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Excel Remote Code Execution Vulnerabilities (2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310902997", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902997", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Excel Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902997\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:11:33 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Excel Remote Code Execution Vulnerabilities (2858300)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-073.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists when processing XML data, which can be exploited to\n disclose contents of certain local files by sending specially crafted XML data including external entity references.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Excel 2013\n\n - Microsoft Excel 2003 Service Pack 3 and prior\n\n - Microsoft Excel 2007 Service Pack 3 and prior\n\n - Microsoft Excel 2010 Service Pack 2 and prior\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to corrupt memory and\n disclose sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2810048\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760583\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760597\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2768017\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(excelVer =~ \"^1[1245]\\.\")\n{\n if(version_in_range(version:excelVer, test_version:\"11.0\", test_version2:\"11.0.8403\") ||\n version_in_range(version:excelVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\") ||\n version_in_range(version:excelVer, test_version:\"14.0\", test_version2:\"14.0.7104.4999\") ||\n version_in_range(version:excelVer, test_version:\"15.0\", 
test_version2:\"15.0.4535.1002\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:10", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2017-05-12T00:00:00", "id": "OPENVAS:902998", "href": "http://plugins.openvas.org/nasl.php?oid=902998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_excel_viewer_ms13-073.nasl 6115 2017-05-12 09:03:25Z teissa $\n#\n# Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(902998);\n script_version(\"$Revision: 6115 $\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-12 11:03:25 +0200 (Fri, 12 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:36:18 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws exists when processing XML data, which can be exploited to\ndisclose contents of certain local files by sending specially crafted XML\ndata including external entity references.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to corrupt memory and\ndisclose sensitive information.\n\nImpact Level: Application \";\n\n tag_affected =\n\"Microsoft Office Excel Viewer 2007\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-073\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54739\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760590\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/XLView/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nexcelviewVer = \"\";\n\n## Microsoft Office Excel Viewer 2007\nexcelviewVer = get_kb_item(\"SMB/Office/XLView/Version\");\nif(excelviewVer =~ \"^12\\..*\")\n{\n ## check for Xlview.exe version\n if(version_in_range(version:excelviewVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:07", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2017-05-08T00:00:00", "id": "OPENVAS:902999", "href": "http://plugins.openvas.org/nasl.php?oid=902999", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_office_compatibility_pack_ms13-073.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(902999);\n script_version(\"$Revision: 6079 $\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:54:46 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2858300)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch 
is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws exists when processing XML data, which can be exploited to\ndisclose contents of certain local files by sending specially crafted XML\ndata including external entity references.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to corrupt memory and\ndisclose sensitive information.\n\nImpact Level: Application \";\n\n tag_affected =\n\"Microsoft Office Compatibility Pack Service Pack 3 and prior\";\n\n tag_solution =\n\"Run Windows Update and update the listed hotfixes or download and update\nmentioned hotfixes in the advisory from the below link,\nhttps://technet.microsoft.com/en-us/security/bulletin/ms13-073\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54739\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2760588\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\", \"SMB/Office/XLCnv/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nxlcnvVer = \"\";\n\n## Check for Office Compatibility Pack 2007 and 2007\nif(get_kb_item(\"SMB/Office/ComptPack/Version\") =~ \"^12\\..*\")\n{\n xlcnvVer = 
get_kb_item(\"SMB/Office/XLCnv/Version\");\n if(xlcnvVer)\n {\n ## Check for Office Excel Converter 2007\n if(version_in_range(version:xlcnvVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:11:15", "description": "This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2016-11-18T00:00:00", "id": "OPENVAS:902996", "href": "http://plugins.openvas.org/nasl.php?oid=902996", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-073_macosx.nasl 4570 2016-11-18 10:17:05Z antu123 $\n#\n# Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(902996);\n script_version(\"$Revision: 4570 $\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-18 11:17:05 +0100 (Fri, 18 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 12:29:56 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)\");\n\n tag_summary =\n\"This host is missing an important security update according to\nMicrosoft Bulletin MS13-073.\";\n\n tag_vuldetect =\n\"Get the vulnerable file version and check appropriate patch is applied\nor not.\";\n\n tag_insight =\n\"Multiple flaws exists when processing XML data, which can be exploited to\ndisclose contents of certain local files by sending specially crafted XML\ndata including external entity references.\";\n\n tag_impact =\n\"Successful exploitation will allow remote attackers to corrupt memory and\ndisclose sensitive information.\n\n Impact Level: Application \";\n\n tag_affected =\n\"Microsoft Office 2011 on Mac OS X\";\n\n tag_solution =\n\"Apply the patch from below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms13-073 \";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/54739/\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\noffVer = \"\";\n\n## Get the version from KB\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\n\n## check the version from KB\nif(!offVer || !(offVer =~ \"^(14)\")){\n exit(0);\n}\n\n## Check for Office Version < 2011 (14.3.7)\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.3.6\"))\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-10T19:53:15", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902996", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)\n#\n# Authors:\n# Antu Sanadi 
<santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902996\");\n script_version(\"2020-06-09T08:59:39+0000\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 08:59:39 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 12:29:56 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Remote Code Execution Vulnerabilities-2858300 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-073.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists when processing XML data, which can be exploited to\n disclose contents of certain local files by sending 
specially crafted XML data including external entity references.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2011 on Mac OS X.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to corrupt memory and\n disclose sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073\");\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\n\nif(!offVer || offVer !~ \"^14\\.\"){\n exit(0);\n}\n\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.3.6\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T19:53:10", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-073.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "openvas", "title": "Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-3159", "CVE-2013-3158", "CVE-2013-1315"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310902998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)\n#\n# Authors:\n# Antu 
Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902998\");\n script_version(\"2020-06-09T08:59:39+0000\");\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 08:59:39 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-09-11 13:36:18 +0530 (Wed, 11 Sep 2013)\");\n script_name(\"Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (2858300)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-073.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists when processing XML data, which can be exploited to\n disclose contents of certain local files by sending specially crafted XML data including external entity references.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Excel Viewer 2007.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to corrupt memory and\n disclose sensitive information.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2760590\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/XLView/Version\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\n## Microsoft Office Excel Viewer 2007\nexcelviewVer = get_kb_item(\"SMB/Office/XLView/Version\");\nif(excelviewVer =~ \"^12\\.\")\n{\n if(version_in_range(version:excelviewVer, test_version:\"12.0\", test_version2:\"12.0.6679.4999\"))\n {\n report = report_fixed_ver(installed_version:excelviewVer, vulnerable_range:\"12.0 - 12.0.6679.4999\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:58:19", "description": "The remote Mac OS X host is running a version of Microsoft Excel that is affected by the following vulnerabilities :\n\n - Two memory corruption vulnerabilities exist due to the way the application handles objects in memory when parsing Office files. 
(CVE-2013-1315 / CVE-2013-3158)\n\n - An information disclosure vulnerability exists due to the way the application parses XML files containing external entities. (CVE-2013-3159)\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Excel file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "nessus", "title": "MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1315", "CVE-2013-3158", "CVE-2013-3159"], "modified": "2022-06-29T00:00:00", "cpe": ["cpe:/a:microsoft:office:2011::mac"], "id": "MACOSX_MS13-073.NASL", "href": "https://www.tenable.com/plugins/nessus/69839", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69839);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/29\");\n\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_xref(name:\"MSFT\", value:\"MS13-073\");\n script_xref(name:\"MSKB\", value:\"2877813\");\n\n script_name(english:\"MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300) (Mac OS 
X)\");\n script_summary(english:\"Check version of Microsoft Office\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"An application installed on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host is running a version of Microsoft Excel that\nis affected by the following vulnerabilities :\n\n - Two memory corruption vulnerabilities exist due to the\n way the application handles objects in memory when\n parsing Office files. (CVE-2013-1315 / CVE-2013-3158)\n\n - An information disclosure vulnerability exists due to\n the way the application parses XML files containing\n external entities. (CVE-2013-3159)\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Excel file, it may be possible to leverage these\nissues to read arbitrary files on the target system or execute\narbitrary code, subject to the user's privileges.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-073\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a patch for Office for Mac 2011.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office:2011::mac\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS ||\n get_one_kb_item('HostLevelChecks/proto') == 'local')\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n\n# Gather version info.\ninfo = '';\ninstalls = make_array();\n\nprod = 'Office for Mac 2011';\nplist = \"/Applications/Microsoft Office 2011/Office/MicrosoftComponentPlugin.framework/Versions/14/Resources/Info.plist\";\ncmd = 'cat \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleShortVersionString | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (version && version =~ \"^[0-9]+\\.\")\n{\n version = chomp(version);\n if (version !~ \"^14\\.\") exit(1, \"Failed to get the version for \"+prod+\" - '\"+version+\"'.\");\n\n installs[prod] = version;\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fixed_version = '14.3.7';\n fix = split(fixed_version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(fix); i++)\n if ((ver[i] < fix[i]))\n {\n info +=\n '\\n Product : ' + prod +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n break;\n }\n else if (ver[i] > fix[i])\n 
break;\n}\n\n\n# Report findings.\nif (info)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:info);\n else security_hole(0);\n\n exit(0);\n}\nelse\n{\n if (max_index(keys(installs)) == 0) exit(0, \"Office for Mac 2011 is not installed.\");\n else\n {\n msg = 'The host has ';\n foreach prod (sort(keys(installs)))\n msg += prod + ' ' + installs[prod] + ' and ';\n msg = substr(msg, 0, strlen(msg)-1-strlen(' and '));\n\n msg += ' installed and thus is not affected.';\n\n exit(0, msg);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:59:21", "description": "The remote Windows host is running a version of Microsoft Excel that is affected by the following vulnerabilities :\n\n - Two memory corruption vulnerabilities exist due to the way the application handles objects in memory when parsing Office files. (CVE-2013-1315 / CVE-2013-3158)\n\n - An information disclosure vulnerability exists due to the way the application parses XML files containing external entities. 
(CVE-2013-3159)\n\nIf an attacker can trick a user on the affected host into opening a specially crafted Excel file, it may be possible to leverage these issues to read arbitrary files on the target system or execute arbitrary code, subject to the user's privileges.", "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "nessus", "title": "MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300))", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1315", "CVE-2013-3158", "CVE-2013-3159"], "modified": "2019-12-13T00:00:00", "cpe": ["cpe:/a:microsoft:excel", "cpe:/a:microsoft:excel_viewer", "cpe:/a:microsoft:office", "cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS13-073.NASL", "href": "https://www.tenable.com/plugins/nessus/69833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69833);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\"CVE-2013-1315\", \"CVE-2013-3158\", \"CVE-2013-3159\");\n script_bugtraq_id(62167, 62219, 62225);\n script_xref(name:\"MSFT\", value:\"MS13-073\");\n script_xref(name:\"MSKB\", value:\"2858300\");\n script_xref(name:\"MSKB\", value:\"2760583\");\n script_xref(name:\"MSKB\", value:\"2760588\");\n script_xref(name:\"MSKB\", value:\"2760590\");\n script_xref(name:\"MSKB\", value:\"2760597\");\n script_xref(name:\"MSKB\", value:\"2768017\");\n script_xref(name:\"MSKB\", value:\"2810048\");\n\n 
script_name(english:\"MS13-073: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300))\");\n script_summary(english:\"Checks versions of Excel, Excelcnv.exe, and Xlview.exe.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It is possible to execute arbitrary code on the remote host through\nMicrosoft Excel.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is running a version of Microsoft Excel that\nis affected by the following vulnerabilities :\n\n - Two memory corruption vulnerabilities exist due to the\n way the application handles objects in memory when\n parsing Office files. (CVE-2013-1315 / CVE-2013-3158)\n\n - An information disclosure vulnerability exists due to\n the way the application parses XML files containing\n external entities. (CVE-2013-3159)\n\nIf an attacker can trick a user on the affected host into opening a\nspecially crafted Excel file, it may be possible to leverage these\nissues to read arbitrary files on the target system or execute\narbitrary code, subject to the user's privileges.\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-073\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5d71423\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Excel 2003, 2007, 2010,\n2013, Excel Viewer, and Office Compatibility Pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/10\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS13-073\";\nkbs = make_list(\n 2858300, 2760583, 2760588, 2760590, 2760597, 2768017, 2810048\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\ninfo = \"\";\nvuln = FALSE;\n\n######################################################################\n# Excel\n######################################################################\ninstalls = get_kb_list(\"SMB/Office/Excel/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/Excel/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:\".\", keep:FALSE);\n for (i = 0; i < max_index(ver); i++)\n ver[i] = 
int(ver[i]);\n\n # Excel 2013.\n if (\n (ver[0] == 15 && ver[1] == 0 && ver[2] < 4535) ||\n (ver[0] == 15 && ver[1] == 0 && ver[2] == 4535 && ver[3] < 1003)\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2013' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 15.0.4535.1003' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2768017\");\n }\n\n # Excel 2010.\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (\n (!isnull(office_sp) && ( (office_sp == 1) || (office_sp == 2) ) ) &&\n (\n (ver[0] == 14 && ver[1] == 0 && ver[2] < 7104) ||\n (ver[0] == 14 && ver[1] == 0 && ver[2] == 7104 && ver[3] < 5000)\n )\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2010' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7104.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2760597\");\n }\n\n # Excel 2007.\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (\n (!isnull(office_sp) && (office_sp == 3)) &&\n (\n (ver[0] == 12 && ver[1] == 0 && ver[2] < 6679) ||\n (ver[0] == 12 && ver[1] == 0 && ver[2] == 6679 && ver[3] < 5000)\n )\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2007' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6679.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2760583\");\n }\n\n # Excel 2003.\n office_sp = get_kb_item(\"SMB/Office/2003/SP\");\n if ((!isnull(office_sp) && office_sp == 3) && (ver[0] == 11 && ver[1] == 0 && ver[2] < 8404))\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2003' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.0.8404.0' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2810048\");\n }\n }\n}\n\n######################################################################\n# Excel Viewer\n######################################################################\nversion = 
'';\ninstalls = get_kb_list(\"SMB/Office/ExcelViewer/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/ExcelViewer/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:\".\", keep:FALSE);\n for (i = 0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n # Excel Viewer 2007 SP3.\n if (\n (ver[0] == 12 && ver[1] == 0 && ver[2] >= 6611) &&\n (\n (ver[0] == 12 && ver[1] == 0 && ver[2] < 6679) ||\n (ver[0] == 12 && ver[1] == 0 && ver[2] == 6679 && ver[3] < 5000)\n )\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel Viewer' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6679.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2760590\");\n break;\n }\n }\n}\nx86_path = hotfix_get_commonfilesdir();\nx64_path = hotfix_get_programfilesdirx86();\nif (!version)\n{\n kb = \"2760590\";\n if (\n (x86_path && hotfix_is_vulnerable(file:\"Xlview.exe\", version:\"12.0.6679.5000\", min_version:\"12.0.0.0\", path:x86_path + \"\\Microsoft Office\\Office12\", bulletin:bulletin, kb:kb)) ||\n (x64_path && hotfix_is_vulnerable(file:\"Xlview.exe\", arch:\"x64\", version:\"12.0.6679.5000\", min_version:\"12.0.0.0\", path:x64_path + \"\\Microsoft Office\\Office12\", bulletin:bulletin, kb:kb))\n ) vuln = TRUE;\n}\n\n\n######################################################################\n# Microsoft Office Compatibility Pack\n######################################################################\nversion = '';\ninstalls = get_kb_list(\"SMB/Office/ExcelCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/ExcelCnv/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:\".\", keep:FALSE);\n for (i = 0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (\n (ver[0] == 12 
&& ver[1] == 0 && ver[2] < 6679) ||\n (ver[0] == 12 && ver[1] == 0 && ver[2] == 6679 && ver[3] < 5000)\n )\n {\n info =\n '\\n Product : 2007 Office system and the Office Compatibility Pack' +\n '\\n File : '+ path +\n '\\n Installed version : '+ version +\n '\\n Fixed version : 12.0.6679.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2760588\");\n }\n }\n}\nif (!version)\n{\n kb = \"2760588\";\n if (\n (x86_path && hotfix_is_vulnerable(file:\"Excelcnv.exe\", version:\"12.0.6679.5000\", min_version:\"12.0.0.0\", path:x86_path + \"\\Microsoft Office\\Office12\", bulletin:bulletin, kb:kb)) ||\n (x64_path && hotfix_is_vulnerable(file:\"Excelcnv.exe\", arch:\"x64\", version:\"12.0.6679.5000\", min_version:\"12.0.0.0\", path:x64_path + \"\\Microsoft Office\\Office12\", bulletin:bulletin, kb:kb))\n ) vuln = TRUE;\n}\n\nif (info || vuln)\n{\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:07:48", "description": "Memory corruption on Outlook S/MIME parsing. 
Information leakage, multiple memory corruptions.", "edition": 2, "cvss3": {}, "published": "2013-09-11T00:00:00", "type": "securityvulns", "title": "Microsoft Office multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3847", "CVE-2013-3849", "CVE-2013-3851", "CVE-2013-3852", "CVE-2013-3850", "CVE-2013-3857", "CVE-2013-3848", "CVE-2013-3870", "CVE-2013-3157", "CVE-2013-3854", "CVE-2013-3159", "CVE-2013-3859", "CVE-2013-3855", "CVE-2013-3856", "CVE-2013-3158", "CVE-2013-3156", "CVE-2013-3853", "CVE-2013-3858", "CVE-2013-3160", "CVE-2013-1315", "CVE-2013-3155"], "modified": "2013-09-11T00:00:00", "id": "SECURITYVULNS:VULN:13276", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13276", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}