Microsoft Office Invalid Index CVE-2014-6356 Memory Corruption Vulnerability
2014-12-09T00:00:00
ID SMNTC-71470 Type symantec Reporter Symantec Security Response Modified 2014-12-09T00:00:00
Description
Description
Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.
Technologies Affected
Microsoft Office 2007 SP3
Microsoft Office 2010 (32-bit edition) SP1
Microsoft Office 2010 (32-bit edition) SP2
Microsoft Office 2010 (64-bit edition) SP1
Microsoft Office 2010 (64-bit edition) SP2
Microsoft Office Compatibility Pack SP3
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
{"published": "2014-12-09T00:00:00", "id": "SMNTC-71470", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["description", "href", "affectedSoftware"], "edition": 1, "lastseen": "2016-09-04T11:41:29", "bulletin": {"published": "2014-12-09T00:00:00", "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=71470", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "reporter": "Symantec Security Response", "history": [], "description": "### Description\n\nMicrosoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. \n\n### Technologies Affected\n\n * Microsoft Office 2007 SP3\n * Microsoft Office 2010 (32-bit edition) SP1\n * Microsoft Office 2010 (32-bit edition) SP2\n * Microsoft Office 2010 (64-bit edition) SP1\n * Microsoft Office 2010 (64-bit edition) SP2\n * Microsoft Office Compatibility Pack SP3\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n#### Do not accept or execute files from untrusted or unknown sources.\n\nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n#### Do not follow links provided by unknown or untrusted sources.\n\nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n#### Implement multiple redundant layers of security.\n\nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities. \n\nUpdates are available. Please see the references or vendor advisory for more information. \n", "bulletinFamily": "software", "viewCount": 0, "cvelist": ["CVE-2014-6356"], "affectedSoftware": [{"version": "SP3", "name": "Microsoft Office Compatibility Pack", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Office 2010 (32-bit edition)", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Office 2010 (32-bit edition)", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Office 2010 (64-bit edition)", "operator": "eq"}, {"version": "2007 SP3", "name": "Microsoft Office", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Office 2010 (64-bit edition)", "operator": "eq"}], "type": "symantec", "hash": "28f18ab190bf9fca2d6829a703812b5303f680eb0f166b21bf453a7b7e047919", "references": [], "enchantments": {"score": {"value": 7.6, "modified": "2016-09-04T11:41:29"}}, "title": "Microsoft Office Invalid Index CVE-2014-6356 Memory Corruption Vulnerability", "id": "SMNTC-71470", "lastseen": "2016-09-04T11:41:29", "edition": 1, "objectVersion": "1.2", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "930e01eb79ed3e7301ab98e6b6deabc1", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "2c7062b6125ac079570b705c92eb9e66", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "123da52f4ba4d05ba2fc7c7a89dbc60c", "key": "href"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "published"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "modified"}, {"hash": "ff806125aff137419104eb10a98cc234", "key": "description"}, {"hash": "02b1286a0bfca54d488ce4fbfa9865e7", "key": "cvelist"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "modified": "2014-12-09T00:00:00"}}], "description": "### Description\n\nMicrosoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2007 SP3 \n * Microsoft Office 2010 (32-bit edition) SP1 \n * Microsoft Office 2010 (32-bit edition) SP2 \n * Microsoft Office 2010 (64-bit edition) SP1 \n * Microsoft Office 2010 (64-bit edition) SP2 \n * Microsoft Office Compatibility Pack SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "hash": "01e05bba540f865fcf88533c5b2ed9a128960d6d4c5543fc9d9cc0b19089b392", "enchantments": {"score": {"value": 9.1, "vector": "NONE", "modified": "2018-03-13T20:24:10"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-6356"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805113", "OPENVAS:1361412562310805029", "OPENVAS:1361412562310805026", "OPENVAS:1361412562310805025", "OPENVAS:1361412562310805027", "OPENVAS:1361412562310805028"]}, {"type": "nessus", "idList": ["SMB_NT_MS14-081.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14212"]}], "modified": "2018-03-13T20:24:10"}, "vulnersScore": 9.1}, "type": "symantec", "lastseen": "2018-03-13T20:24:10", "edition": 2, "title": "Microsoft Office Invalid Index CVE-2014-6356 Memory Corruption Vulnerability", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/71470", "modified": "2014-12-09T00:00:00", "bulletinFamily": "software", "viewCount": 2, "cvelist": ["CVE-2014-6356"], "affectedSoftware": [{"version": "2010 (64-bit edition) SP1 ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2007 SP3 ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2010 (32-bit edition) SP1 ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2010 (64-bit edition) SP2 ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2010 (32-bit edition) SP2 ", "name": "Microsoft Office", "operator": "eq"}], "references": [], "reporter": "Symantec Security Response", "hashmap": [{"hash": "c00bd8604a2664c10329d037dd29d7d5", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "02b1286a0bfca54d488ce4fbfa9865e7", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "ae4e8042553adce0961322f649a813bc", "key": "description"}, {"hash": "8121e719b0de3331c7f83c8be747da8d", "key": "href"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "modified"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "2c7062b6125ac079570b705c92eb9e66", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "objectVersion": "1.3"}
{"cve": [{"lastseen": "2019-05-29T18:13:48", "bulletinFamily": "NVD", "description": "Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Invalid Index Remote Code Execution Vulnerability.\"", "modified": "2018-10-12T22:07:00", "id": "CVE-2014-6356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6356", "published": "2014-12-11T00:59:00", "title": "CVE-2014-6356", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-20T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805029", "title": "Microsoft Office Word Remote Code Execution Vulnerabilities-3017301 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Remote Code Execution Vulnerabilities-3017301 (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805029\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 13:24:58 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Word Remote Code Execution Vulnerabilities-3017301 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - An invalid indexing error when parsing Office files can be exploited to\n execute arbitrary code via a specially crafted Office file.\n\n - A use-after-free error when parsing Office files can be exploited to execute\n arbitrary code via a specially crafted Office file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code, cause memory corruption and\n compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2011 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3018888\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-081\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_microsoft_office_detect_macosx.nasl\");\n script_mandatory_keys(\"MS/Office/MacOSX/Ver\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms14-081\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noffVer = get_kb_item(\"MS/Office/MacOSX/Ver\");\n\nif(!offVer || offVer !~ \"^14\\.\"){\n exit(0);\n}\n\nif(version_in_range(version:offVer, test_version:\"14.0\", test_version2:\"14.4.6\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-03T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805026", "title": "Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (3017301)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (3017301)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805026\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 12:31:36 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (3017301)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - An invalid indexing error when parsing Office files can be exploited to\n execute arbitrary code via a specially crafted Office file.\n\n - A use-after-free error when parsing Office files can be exploited to execute\n arbitrary code via a specially crafted Office file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code, cause memory corruption and\n compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Word Viewer 2007 SP3 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3017301\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-081\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordView/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwordviewVer = get_kb_item(\"SMB/Office/WordView/Version\");\nif(wordviewVer)\n{\n if(version_in_range(version:wordviewVer, test_version:\"11.0\", test_version2:\"11.0.8413\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-03T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805113", "title": "Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3017301)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3017301)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:sharepoint_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805113\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71470, 71469);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 11:30:23 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft SharePoint Server WAS Remote Code Execution Vulnerability (3017301)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to an invalid indexing error\n and a use-after-free error when parsing Office files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code and compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft SharePoint Server 2010\n\n Word Automation Services Service Pack 2 and prior, Microsoft\n\n SharePoint Server 2013 Word Automation Services Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2899581\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2883050\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/ms14-081\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_sharepoint_sever_n_foundation_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/SharePoint/Server/Ver\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nshareVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\n## SharePoint Server 2010\nif(shareVer =~ \"^14\\..*\")\n{\n dllVer2 = fetch_file_version(sysPath:path,\n file_name:\"\\14.0\\WebServices\\WordServer\\Core\\sword.dll\");\n if(dllVer2)\n {\n if(version_in_range(version:dllVer2, test_version:\"14.0\", test_version2:\"14.0.7140.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\n\n## SharePoint Server 2013\nif(shareVer =~ \"^15\\..*\")\n{\n dllVer2 = fetch_file_version(sysPath:path,\n file_name:\"\\15.0\\WebServices\\ConversionServices\\sword.dll\");\n if(dllVer2)\n {\n if(version_in_range(version:dllVer2, test_version:\"15.0\", test_version2:\"15.0.4675.999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-03T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805027", "title": "MS Office Compatibility Pack Remote Code Execution Vulnerabilities (3017301)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# MS Office Compatibility Pack Remote Code Execution Vulnerabilities (3017301)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805027\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 12:32:44 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"MS Office Compatibility Pack Remote Code Execution Vulnerabilities (3017301)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - An invalid indexing error when parsing Office files can be exploited to\n execute arbitrary code via a specially crafted Office file.\n\n - A use-after-free error when parsing Office files can be exploited to execute\n arbitrary code via a specially crafted Office file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code, cause memory corruption and\n compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack SP3 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3017301\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2920792\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-081\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/WordCnv/Version\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nwordcnvVer = get_kb_item(\"SMB/Office/WordCnv/Version\");\nif(wordcnvVer && wordcnvVer =~ \"^12.*\")\n{\n # Office Word Converter\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\n if(path)\n {\n sysVer = fetch_file_version(sysPath:path + \"\\Microsoft Office\\Office12\", file_name:\"Wordcnv.dll\");\n if(sysVer)\n {\n if(version_in_range(version:sysVer, test_version:\"12.0\", test_version2:\"12.0.6713.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-03T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805025", "title": "Microsoft Office Word Remote Code Execution Vulnerabilities (3017301)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Remote Code Execution Vulnerabilities (3017301)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805025\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 12:08:06 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Word Remote Code Execution Vulnerabilities (3017301)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - An invalid indexing error when parsing Office files can be exploited to\n execute arbitrary code via a specially crafted Office file.\n\n - A use-after-free error when parsing Office files can be exploited to execute\n arbitrary code via a specially crafted Office file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code, cause memory corruption and\n compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Word 2007 SP3 and prior\n Microsoft Word 2010 Service Pack 2 and prior\n Microsoft Word 2013 Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3017301\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-081\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nwinwordVer = get_kb_item(\"SMB/Office/Word/Version\");\n\n## Microsoft Office Word 2007\nif(winwordVer && winwordVer =~ \"^(12|14|15).*\")\n{\n ## 15 < 15.0.4675.1000\n if(version_in_range(version:winwordVer, test_version:\"12.0\", test_version2:\"12.0.6713.4999\") ||\n version_in_range(version:winwordVer, test_version:\"14.0\", test_version2:\"14.0.7140.4999\") ||\n version_in_range(version:winwordVer, test_version:\"15.0\", test_version2:\"15.0.4675.999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:41", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.", "modified": "2019-05-03T00:00:00", "published": "2014-12-10T00:00:00", "id": "OPENVAS:1361412562310805028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805028", "title": "Microsoft Office Web Apps Remote Code Execution Vulnerabilities (3017301)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Web Apps Remote Code Execution Vulnerabilities (3017301)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:office_web_apps\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805028\");\n script_version(\"2019-05-03T12:31:27+0000\");\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 12:31:27 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 12:57:43 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Web Apps Remote Code Execution Vulnerabilities (3017301)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS14-081.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - An invalid indexing error when parsing Office files can be exploited to\n execute arbitrary code via a specially crafted Office file.\n\n - A use-after-free error when parsing Office files can be exploited to execute\n arbitrary code via a specially crafted Office file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute the arbitrary code, cause memory corruption and\n compromise the system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Web Applications 2010 Service Pack 2 and prior,\n\n Microsoft Web Applications 2013 Service Pack 1 and prior.\n\n Microsoft Office Compatibility Pack SP3 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61149\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2889851\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/2910892\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS14-081\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_office_web_apps_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Office/Web/Apps/Ver\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nwebappVer = infos['version'];\npath = infos['location'];\nif(!path || \"Could not find the install location\" >< path){\n exit(0);\n}\n\nif(webappVer =~ \"^14\\..*\")\n{\n ## Microsoft Office Web Apps 2010\n dllVer = fetch_file_version(sysPath:path,\n file_name:\"\\14.0\\WebServices\\ConversionService\\Bin\\Converter\\msoserver.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.7140.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\n## Microsoft Office Web Apps 2013\nif(webappVer =~ \"^15\\..*\")\n{\n path = path + \"\\PPTConversionService\\bin\\Converter\\\";\n\n dllVer = fetch_file_version(sysPath:path, file_name:\"msoserver.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"15.0\", test_version2:\"15.0.4675.999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2019-09-11T12:37:39", "bulletinFamily": "microsoft", "description": "<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.</p><h2>Introduction</h2><div class=\"kb-summary-section section\">This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.<br/><span></span></div><h2>Summary</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS14-081. Learn more about how to obtain the fixes included in this security bulletin:<br/><ul class=\"sbody-free_list\"><li>For individual, small business and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see <a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">Get security updates automatically</a> on the Microsoft Safety and Security Center website.<br/></li><li>For IT professionals, see <a href=\"http://technet.microsoft.com/security/bulletin/ms14-081\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS14-081</a> on the Security TechCenter website.</li></ul></div><h2></h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-3\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-4\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/gp/cu_sc_virsec_master\" id=\"kb-link-5\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-6\" target=\"_self\">International Support</a></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">More information about this security update</h3><h4 class=\"sbody-h4\">Known issues and additional information about this security update</h4>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/2910916\" id=\"kb-link-7\">2910916 </a> MS14-081: Description of the security update for Word 2013: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2899518\" id=\"kb-link-8\">2899518 </a> MS14-081: Description of the security update for Office 2010: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2899519\" id=\"kb-link-9\">2899519 </a> MS14-081: Description of the security update for Word 2010: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2920793\" id=\"kb-link-10\">2920793 </a> MS14-081: Description of the security update for Word 2007: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/3018888\" id=\"kb-link-11\">3018888 </a> MS14-081: Description of the security update for Office for Mac: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2920729\" id=\"kb-link-12\">2920729 </a> MS14-081: Description of the security update for Word Viewer: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2920792\" id=\"kb-link-13\">2920792 </a> MS14-081: Description of the security update for Office Compatibility Pack SP3: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2883050\" id=\"kb-link-14\">2883050 </a> MS14-081: Description of the security update for SharePoint Server 2013: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2899581\" id=\"kb-link-15\">2899581 </a> MS14-081: Description of the security update for SharePoint Server 2010: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2889851\" id=\"kb-link-16\">2889851 </a> MS14-081: Description of the security update for Office Web Apps Server 2013: December 9, 2014</li><li><a href=\"https://support.microsoft.com/en-us/help/2910892\" id=\"kb-link-17\">2910892 </a> MS14-081: Description of the security update for Office Web Apps 2010: December 9, 2014</li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">The 2007 Microsoft Office system (all editions) and other software</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Office Word 2007:<br/><span class=\"text-base\">word2007-kb2920793-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office Word Viewer:<br/><span class=\"text-base\">office-kb2920729-fullfile-enu.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office Compatibility Pack:<br/><span class=\"text-base\">wordconv2007-kb2920792-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-20\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/2920793\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base Article 2920793</a>,<br/><a href=\"https://support.microsoft.com/help/2920729\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base Article 2920729</a>,<br/><a href=\"https://support.microsoft.com/help/2920792\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base Article 2920792</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2010 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Office 2010 (32-bit editions):<br/><span class=\"text-base\">kb24286772010-kb2899518-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office 2010 (64-bit editions):<br/><span class=\"text-base\">kb24286772010-kb2899518-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2010 (32-bit editions):<br/><span class=\"text-base\">word2010-kb2899519-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2010 (64-bit editions):<br/><span class=\"text-base\">word2010-kb2899519-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-24\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/2899518\" id=\"kb-link-26\" target=\"_self\">Microsoft Knowledge Base Article 2899518</a>,<br/><a href=\"https://support.microsoft.com/help/2899519\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base Article 2899519</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2013 (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For supported editions of Microsoft Word 2013 (32-bit editions):<br/><span class=\"text-base\">word2013-kb2910916-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For supported editions of Microsoft Word 2013 (64-bit editions):<br/><span class=\"text-base\">word2013-kb2910916-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-28\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-29\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/2910916\" id=\"kb-link-30\" target=\"_self\">Microsoft Knowledge Base Article 2910916</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2013 RT (all editions)</h4><span class=\"text-base\">Reference table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">The 2910916 update for Microsoft Office 2013 RT is available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-31\" target=\"_self\">Windows Update</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons that you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-32\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/2910916\" id=\"kb-link-33\" target=\"_self\">Microsoft Knowledge Base Article 2910916</a></td></tr></table></div><h4 class=\"sbody-h4\">Office for Mac 2011</h4><span class=\"text-base\">Prerequisites</span><br/><br/>To install this update, you must have a computer that is running Mac OS X version 10.5.8 or a later version on an Intel processor, and user accounts must have administrative credentials. <br/><br/><br/><br/> <br/></div><br/></span></div></div></div></div><h2></h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">kb24286772010-kb2899518-fullfile-x64-glb.exe</td><td class=\"sbody-td\">1DBDF44EDEEE3EC64E1B9B888AD96AB28D460B66</td><td class=\"sbody-td\">4D879D5F2ADC81B90783B7ACD310447CDE7ACF784CB7F4E5C65FEA5DFC258E87</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">kb24286772010-kb2899518-fullfile-x86-glb.exe</td><td class=\"sbody-td\">2E6C5104696410DF2B74EC2B3841CC0102D4391F</td><td class=\"sbody-td\">C7F66D171298DC351369F6529BCC8D4B230DD7321D8D55D7F42936E6CA364767</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">office-kb2920729-fullfile-enu.exe</td><td class=\"sbody-td\">13D464EE669E4D923D8A4636500044EFC440EA1F</td><td class=\"sbody-td\">1431ECCB1705B140C2276BAF14A195C0C1AAA82210A76E30496A132A9A9CC703</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wac2010-kb2910892-fullfile-x64-glb.exe</td><td class=\"sbody-td\">3FEE1C84B0272A5AEF1441EABC0E069A8036261B</td><td class=\"sbody-td\">175AAF7FEE3B96D8C4F5AE8FB35F9B1AD3A251607827ACE690C93323A00A7C40</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wacserver.exe (KB2889851)</td><td class=\"sbody-td\">18C65FBA211065CAF7EFCDAB04F008BB7EBE4CD6</td><td class=\"sbody-td\">D828348B292CD5D722E25B294045E1EBC232FED5371AD5BAEA6796B737451EA7</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wdsrv2010-kb2899581-fullfile-x64-glb.exe</td><td class=\"sbody-td\">EF3DD25A358978272560DB428E4021A7E611FEC7</td><td class=\"sbody-td\">114A137E52A3145020C766429C7ADC2648DA444136161D6608D55F09D5C06CEC</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wdsrvloc.exe</td><td class=\"sbody-td\">7B46CC7B47876F25208161822A285A0DB535C4C1</td><td class=\"sbody-td\">CB1A72BEC37711E3E1287155949E379BF2EF5F8FEC511768B79735EEE3638C32</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">word.exe</td><td class=\"sbody-td\">A73BE0E19570568FB7DA868E95C004668C66A4DB</td><td class=\"sbody-td\">8F188E8699FFAF14EACACCCAEA687148AC10F18F855B8C16CD1FDBDCDEEE109C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">word.exe</td><td class=\"sbody-td\">E6882E9539D3A90078158A61F34E5AB532F2CFA5</td><td class=\"sbody-td\">C44D9C3E8EB0EE6929F87047B03102BDE08C0AFF013319DB18C9B24B0264B73B</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">word2007-kb2920793-fullfile-x86-glb.exe</td><td class=\"sbody-td\">F6B3A330B67BBDF00DEF28D2E9616536E2C4C0A1</td><td class=\"sbody-td\">544FC721CE710998502F210FEAEA3961A6365D18F4B9A7C62E116A017AE8DA13</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">word2010-kb2899519-fullfile-x64-glb.exe</td><td class=\"sbody-td\">ABA4A02A9B3CA92A1F60E328C003C645FB7C838A</td><td class=\"sbody-td\">55E960F0DC4F1045A0176E3DC4B9EF1E1213B3F80233C31773605A37476AC24C</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">word2010-kb2899519-fullfile-x86-glb.exe</td><td class=\"sbody-td\">59506439D8D79DBC9AD52CBC7ADE3A6C268901B0</td><td class=\"sbody-td\">1C3C2FACF0B9EAFD838495DB5895C3C8570D78C688EE338D5310BC3B68AD1BC1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">wordconv2007-kb2920792-fullfile-x86-glb.exe</td><td class=\"sbody-td\">435DFD9D4BC9DF892D65B983AF29195EB075C639</td><td class=\"sbody-td\">3EE26F26AEEB9BC30BBB47A6D205BE1048ABF1C93655E493A403FC4595627E52</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "modified": "2014-12-09T18:37:37", "id": "KB3017301", "href": "https://support.microsoft.com/en-us/help/3017301/", "published": "2017-01-07T22:16:38", "title": "MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: December 9, 2014", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-03T12:15:48", "bulletinFamily": "scanner", "description": "The remote Windows host has a version of Microsoft Office, Microsoft\nWord, Office Compatibility Pack, Microsoft Word Viewer, SharePoint\nServer, or Microsoft Office Web Apps that is affected by one or more\nremote code execution vulnerabilities due to Microsoft Word improperly\nhandling objects in memory. A remote attacker can exploit this\nvulnerability by convincing a user to open a specially crafted Office\nfile, resulting in execution of arbitrary code in the context of the\ncurrent user.", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS14-081.NASL", "href": "https://www.tenable.com/plugins/nessus/79830", "published": "2014-12-09T00:00:00", "title": "MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79830);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/30 15:31:33\");\n\n script_cve_id(\"CVE-2014-6356\", \"CVE-2014-6357\");\n script_bugtraq_id(71469, 71470);\n script_xref(name:\"MSFT\", value:\"MS14-081\");\n script_xref(name:\"MSKB\", value:\"2920793\");\n script_xref(name:\"MSKB\", value:\"2899518\");\n script_xref(name:\"MSKB\", value:\"2899519\");\n script_xref(name:\"MSKB\", value:\"2910916\");\n script_xref(name:\"MSKB\", value:\"2920729\");\n script_xref(name:\"MSKB\", value:\"2920792\");\n script_xref(name:\"MSKB\", value:\"2899581\");\n script_xref(name:\"MSKB\", value:\"2883050\");\n script_xref(name:\"MSKB\", value:\"2910892\");\n script_xref(name:\"MSKB\", value:\"2889851\");\n script_xref(name:\"IAVA\", value:\"2014-A-0190\");\n\n script_name(english:\"MS14-081: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301)\");\n script_summary(english:\"Checks Word / Office Web Apps version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple remote code execution\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of Microsoft Office, Microsoft\nWord, Office Compatibility Pack, Microsoft Word Viewer, SharePoint\nServer, or Microsoft Office Web Apps that is affected by one or more\nremote code execution vulnerabilities due to Microsoft Word improperly\nhandling objects in memory. A remote attacker can exploit this\nvulnerability by convincing a user to open a specially crafted Office\nfile, resulting in execution of arbitrary code in the context of the\ncurrent user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/ms14-081\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2007, 2010, 2013,\nOffice Compatibility Pack, Microsoft Word Viewer, SharePoint Server,\nand Office Web Apps.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var bulletin, vuln;\n\nfunction get_ver()\n{\n local_var fh, path, rc, share, ver;\n\n path = _FCT_ANON_ARGS[0];\n\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n ver = NULL;\n path = ereg_replace(string:path, pattern:\"^[A-Za-z]:(.*)\", replace:'\\\\1\\\\');\n\n fh = CreateFile(\n file : path,\n desired_access : GENERIC_READ,\n file_attributes : FILE_ATTRIBUTE_NORMAL,\n share_mode : FILE_SHARE_READ,\n create_disposition : OPEN_EXISTING\n );\n if (!isnull(fh))\n {\n ver = GetFileVersion(handle:fh);\n ver = join(ver, sep:\".\");\n CloseFile(handle:fh);\n }\n\n NetUseDel(close:FALSE);\n\n return ver;\n}\n\nfunction check_vuln(fix, kb, name, path, ver)\n{\n local_var info;\n\n if (isnull(ver))\n ver = get_ver(path);\n\n if (isnull(ver) || ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n return 0;\n\n info =\n '\\n Product : ' + name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n\n vuln = TRUE;\n}\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nbulletin = 'MS14-081';\nkbs = make_list(\n 2920793, # Word 2007\n 2899518, # Office 2010\n 2899519, # Word 2010\n 2910916, # Word 2013\n 2920729, # Word Viewer\n 2920792, # Office Compatibility Pack SP3\n 2899581, # Word Automation Services SharePoint Server 2010\n 2883050, # Word Automation Services SharePoint Server 2013\n 2910892, # Office Web Apps 2010\n 2889851 # Office Web Apps 2013\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Connect to the registry.\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n\n# Get path information for SharePoint Server 2010.\nsps_2010_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\14.0\\InstallPath\"\n);\n\n# Get the path information for SharePoint Server 2013\nsps_2013_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Office Server\\15.0\\InstallPath\"\n);\n\nowa_2013_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office15.WacServer\\InstallLocation\"\n);\n\n# Close connection to registry.\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n# Get path information for Office Web Apps.\nowa_2010_path = sps_2010_path;\n######################################################################\n# Office Web Apps 2010 SP1 / SP2\n######################################################################\nif (owa_2010_path)\n{\n check_vuln(\n name : \"Office Web Apps 2010\",\n kb : \"2910892\",\n path : owa_2010_path + \"WebServices\\ConversionService\\Bin\\Converter\\sword.dll\",\n fix : \"14.0.7140.5000\"\n );\n}\n\n######################################################################\n# Office Web Apps 2013\n######################################################################\nif (owa_2013_path)\n{\n check_vuln(\n name : \"Office Web Apps 2013\",\n kb : \"2889851\",\n path : windir + \"\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.Office.Web.Apps.Environment.WacServer\\v4.0_15.0.0.0__71e9bce111e9429c\\Microsoft.Office.Web.Apps.Environment.WacServer.dll\",\n fix : \"15.0.4611.1000\"\n );\n}\n\n######################################################################\n# SharePoint Server 2010 SP1 / SP2\n######################################################################\nif (sps_2010_path)\n{\n check_vuln(\n name : \"Office SharePoint Server 2010\",\n kb : \"2899581\",\n path : sps_2010_path + \"WebServices\\WordServer\\Core\\sword.dll\",\n fix : \"14.0.7140.5000\"\n );\n}\n\n######################################################################\n# SharePoint Server 2013\n######################################################################\nif (sps_2013_path)\n{\n check_vuln(\n name : \"Office SharePoint Server 2013\",\n kb : \"2883050\",\n path : sps_2013_path + \"WebServices\\ConversionServices\\sword.dll\",\n fix : \"15.0.4675.1000\"\n );\n}\n\n# Word\nkb = \"\";\ninstalls = get_kb_list(\"SMB/Office/Word/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/Word/' - '/ProductPath';\n path = installs[install];\n info = \"\";\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if(ver[0] == 15 && ver[1] == 0)\n {\n # Word 2013\n if (\n ver[2] < 4675 ||\n (ver[2] == 4675 && ver[3] < 1000)\n )\n {\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && (office_sp == 0 || office_sp == 1))\n {\n info =\n '\\n Product : Word 2013' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 15.0.4675.1000' + '\\n';\n kb = \"2910916\";\n }\n }\n }\n\n # Word 2010 SP1 and SP2\n if (\n ver[0] == 14 && ver[1] == 0 &&\n (\n ver[2] < 7140 ||\n (ver[2] == 7140 && ver[3] < 5000)\n )\n )\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && (office_sp == 2))\n {\n info =\n '\\n Product : Word 2010' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7140.5000' + '\\n';\n kb = \"2899519\";\n }\n }\n\n # Word 2007 SP3\n if (\n ver[0] == 12 && ver[1] == 0 &&\n (\n ver[2] < 6713 ||\n (ver[2] == 6713 && ver[3] < 5000)\n )\n )\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n info =\n '\\n Product : Word 2007 SP3' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6713.5000' + '\\n';\n kb = \"2920793\";\n }\n }\n\n if (info)\n {\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n vuln = TRUE;\n }\n }\n}\n\n# Word Viewer\ninstalls = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n info = \"\";\n version = install - 'SMB/Office/WordViewer/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (ver[0] == 11 && ver[1] == 0 && ver[2] < 8414)\n {\n info =\n '\\n Product : Word Viewer' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 11.0.8414.0' + '\\n';\n kb = \"2920729\";\n }\n\n if (info)\n {\n hotfix_add_report(info, bulletin:bulletin, kb:kb);\n vuln = TRUE;\n break;\n }\n }\n}\n\n# Ensure Office is installed\noffice_vers = hotfix_check_office_version();\nif (!isnull(office_vers))\n{\n # Ensure we can get common files directory\n commonfiles = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n if (commonfiles)\n {\n # Ensure share is accessible\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:commonfiles);\n if (is_accessible_share(share:share))\n {\n # Office 2010\n if (office_vers[\"14.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n path = get_kb_item(\"SMB/Office/Word/14.0/Path\");\n if (path)\n {\n old_report = hotfix_get_report();\n check_file = \"Wwlib.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"14.0.7140.5000\", min_version:\"14.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n kb_name = str_replace(find:\"//\", replace:\"/\", string:kb_name);\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office 2010' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7140.5000' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2899518\");\n vuln = TRUE;\n }\n }\n }\n }\n }\n }\n}\n\nversion = '';\ninstalls = get_kb_list(\"SMB/Office/WordCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/WordCnv/' - '/ProductPath';\n path = installs[install];\n\n if (!isnull(path))\n {\n share = hotfix_path2share(path:path);\n if (!is_accessible_share(share:share))\n audit(AUDIT_SHARE_FAIL, share);\n\n path = path - '\\\\Wordconv.exe';\n\n old_report = hotfix_get_report();\n check_file = \"wordcnv.dll\";\n\n if (hotfix_check_fversion(path:path, file:check_file, version:\"12.0.6713.5000\", min_version:\"12.0.0.0\") == HCF_OLDER)\n {\n file = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", string:path, replace:\"\\1\\\" + check_file);\n kb_name = \"SMB/FileVersions/\"+tolower(share-'$')+tolower(str_replace(string:file, find:\"\\\", replace:\"/\"));\n kb_name = ereg_replace(pattern:\"//\"+check_file, replace:\"/\"+check_file, string:kb_name);\n version = get_kb_item(kb_name);\n\n info =\n '\\n Product : Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats' +\n '\\n File : ' + path + '\\\\' + check_file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6713.5000' + '\\n';\n\n hcf_report = '';\n hotfix_add_report(old_report + info, bulletin:bulletin, kb:\"2920792\");\n vuln = TRUE;\n }\n }\n }\n}\n\nif (!version)\n{\n # Additional check if registry key is missing\n path = hotfix_get_officecommonfilesdir(officever:\"12.0\") + \"\\Microsoft Office\\Office12\";\n\n kb = \"2920792\";\n if (\n hotfix_is_vulnerable(file:\"wordcnv.dll\", version:\"12.0.6713.5000\", min_version:\"12.0.0.0\", path:path, bulletin:bulletin, kb:kb)\n ) vuln = TRUE;\n}\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Memory corruptions, index overflows, use-after-free, uninitialized pointers.", "modified": "2015-01-14T00:00:00", "published": "2015-01-14T00:00:00", "id": "SECURITYVULNS:VULN:14212", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14212", "title": "Microsoft Office multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
