Microsoft Excel CVE-2014-6361 Memory Corruption Vulnerability
2014-12-09T00:00:00
ID SMNTC-71501 Type symantec Reporter Symantec Security Response Modified 2014-12-09T00:00:00
Description
Description
Microsoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Technologies Affected
Microsoft Excel 2007 SP3
Microsoft Excel 2010 SP1 (32-bit editions)
Microsoft Excel 2010 SP1 (64-bit editions)
Microsoft Excel 2010 SP2 (32-bit editions)
Microsoft Excel 2010 SP2 (64-bit editions)
Microsoft Excel 2013 (32-bit editions)
Microsoft Excel 2013 (64-bit editions)
Microsoft Excel 2013 RT
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office Compatibility Pack
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
{"published": "2014-12-09T00:00:00", "id": "SMNTC-71501", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [{"differentElements": ["description", "href", "affectedSoftware"], "edition": 1, "lastseen": "2016-09-04T11:42:47", "bulletin": {"published": "2014-12-09T00:00:00", "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=71501", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "reporter": "Symantec Security Response", "history": [], "description": "### Description\n\nMicrosoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. \n\n### Technologies Affected\n\n * Microsoft Excel 2007 SP3\n * Microsoft Excel 2010 SP1 (32-bit editions)\n * Microsoft Excel 2010 SP1 (64-bit editions)\n * Microsoft Excel 2010 SP2 (32-bit editions)\n * Microsoft Excel 2010 SP2 (64-bit editions)\n * Microsoft Excel 2013 (32-bit editions)\n * Microsoft Excel 2013 (64-bit editions)\n * Microsoft Excel 2013 RT\n * Microsoft Excel 2013 RT Service Pack 1\n * Microsoft Excel 2013 Service Pack 1 (32-bit editions)\n * Microsoft Excel 2013 Service Pack 1 (64-bit editions)\n * Microsoft Office Compatibility Pack\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n#### Do not accept or execute files from untrusted or unknown sources.\n\nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n#### Do not follow links provided by unknown or untrusted sources.\n\nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n#### Implement multiple redundant layers of security.\n\nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities. \n\nUpdates are available. Please see the references or vendor advisory for more information. \n", "bulletinFamily": "software", "viewCount": 0, "cvelist": ["CVE-2014-6361"], "affectedSoftware": [{"version": "2007 SP3", "name": "Microsoft Excel", "operator": "eq"}, {"version": "RT", "name": "Microsoft Excel 2013", "operator": "eq"}, {"version": "2013 (32-bit editions)", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 (64-bit editions)", "name": "Microsoft Excel", "operator": "eq"}, {"version": "RT SP1", "name": "Microsoft Excel 2013", "operator": "eq"}, {"version": "SP1 (32-bit editions)", "name": "Microsoft Excel 2010", "operator": "eq"}, {"version": "SP2 (64-bit editions)", "name": "Microsoft Excel 2010", "operator": "eq"}, {"version": "SP1 (64-bit editions)", "name": "Microsoft Excel 2013", "operator": "eq"}, {"version": "SP2 (32-bit editions)", "name": "Microsoft Excel 2010", "operator": "eq"}, {"version": "SP1 (64-bit editions)", "name": "Microsoft Excel 2010", "operator": "eq"}, {"version": "any", "name": "Microsoft Office Compatibility Pack", "operator": "eq"}, {"version": "SP1 (32-bit editions)", "name": "Microsoft Excel 2013", "operator": "eq"}], "type": "symantec", "hash": "31dc52e76e9858fe3ce2487143659a517b581521e21b92bff5384b29c0588154", "references": [], "enchantments": {"score": {"value": 5.1, "modified": "2016-09-04T11:42:47"}}, "title": "Microsoft Excel CVE-2014-6361 Memory Corruption Vulnerability", "id": "SMNTC-71501", "lastseen": "2016-09-04T11:42:47", "edition": 1, "objectVersion": "1.2", "hashmap": [{"hash": "f2b87025849f413acd761f4b50d26a01", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "6508140894c3ab4b9f0d6fc0c74b7d00", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "fa434888fe0a3c50e96167378620d99a", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "035733eadc62278b3a78158b2569913c", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "f3ef17e220ef3e2b7d85f43e12f15b75", "key": "affectedSoftware"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "published"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "modified"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "modified": "2014-12-09T00:00:00"}}], "description": "### Description\n\nMicrosoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Excel 2007 SP3 \n * Microsoft Excel 2010 SP1 (32-bit editions) \n * Microsoft Excel 2010 SP1 (64-bit editions) \n * Microsoft Excel 2010 SP2 (32-bit editions) \n * Microsoft Excel 2010 SP2 (64-bit editions) \n * Microsoft Excel 2013 (32-bit editions) \n * Microsoft Excel 2013 (64-bit editions) \n * Microsoft Excel 2013 RT \n * Microsoft Excel 2013 RT Service Pack 1 \n * Microsoft Excel 2013 Service Pack 1 (32-bit editions) \n * Microsoft Excel 2013 Service Pack 1 (64-bit editions) \n * Microsoft Office Compatibility Pack \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "hash": "0d3efc4616847aae195504efe4f0b643e218af056146f80ad44e5ffeacbb3036", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "type": "symantec", "lastseen": "2018-03-12T00:30:51", "edition": 2, "title": "Microsoft Excel CVE-2014-6361 Memory Corruption Vulnerability", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/71501", "modified": "2014-12-09T00:00:00", "bulletinFamily": "software", "viewCount": 1, "cvelist": ["CVE-2014-6361"], "affectedSoftware": [{"version": "2010 SP2 (32-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 Service Pack 1 (64-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2010 SP2 (64-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2010 SP1 (64-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 RT ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 RT Service Pack 1 ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 (32-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2007 SP3 ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 Service Pack 1 (32-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2013 (64-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2010 SP1 (32-bit editions) ", "name": "Microsoft Excel", "operator": "eq"}], "references": [], "reporter": "Symantec Security Response", "hashmap": [{"hash": "4bef5a39c4aea737e9bfaeb7eba6d1a0", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "f2b87025849f413acd761f4b50d26a01", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "d45b733affa4c21454f4db7c894d4851", "key": "description"}, {"hash": "3d16c53580e93009be65ede2e4d44e8a", "key": "href"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "modified"}, {"hash": "86ffd76294760c93a6b08c9c98b80d63", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "fa434888fe0a3c50e96167378620d99a", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "objectVersion": "1.3"}
{"cve": [{"lastseen": "2018-10-13T11:06:31", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083"], "description": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\"", "edition": 2, "reporter": "NVD", "published": "2014-12-10T19:59:12", "title": "CVE-2014-6361", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-6361"], "scanner": [], "modified": "2018-10-12T18:07:45", "cpe": ["cpe:/a:microsoft:excel:2007:sp3", "cpe:/a:microsoft:excel:2010:sp2:~~~x86~~", "cpe:/a:microsoft:excel:2010:sp2:~~~~x64~", "cpe:/a:microsoft:excel:2013::~~rt_gold~~~", "cpe:/a:microsoft:office_compatibility_pack", "cpe:/a:microsoft:excel:2013:sp1"], "id": "CVE-2014-6361", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6361", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:20", "references": ["https://technet.microsoft.com/en-us/security/bulletin/ms14-083", "http://secunia.com/advisories/61151", "https://support.microsoft.com/kb/3017347"], "pluginID": "1361412562310805023", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS14-083.", "edition": 9, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-10T00:00:00", "title": "Microsoft Office Excel Remote Code Execution Vulnerabilities (3017347)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6361", "CVE-2014-6360"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310805023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_excel_ms14-083.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# Microsoft Office Excel Remote Code Execution Vulnerabilities (3017347)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805023\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-6360\", \"CVE-2014-6361\");\n script_bugtraq_id(71500, 71501);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 10:25:07 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Excel Remote Code Execution Vulnerabilities (3017347)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS14-083.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to,\n\n - An error related to a global free which can be exploited to corrupt memory.\n\n - An error related to an invalid pointer which can be exploited to corrupt\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Excel 2013\n Microsoft Excel 2007 Service Pack 3 and prior\n Microsoft Excel 2010 Service Pack 2 and prior\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed\n hotfixes or download and install the hotfixes from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61151\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3017347\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms14-083\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Excel/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nexcelVer = get_kb_item(\"SMB/Office/Excel/Version\");\nif(excelVer =~ \"^(12|14|15)\\..*\")\n{\n if(version_in_range(version:excelVer, test_version:\"12.0\", test_version2:\"12.0.6712.4999\") ||\n version_in_range(version:excelVer, test_version:\"14.0\", test_version2:\"14.0.7140.4999\") ||\n version_in_range(version:excelVer, test_version:\"15.0\", test_version2:\"15.0.4675.999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-26T13:22:11", "references": ["https://technet.microsoft.com/en-us/security/bulletin/ms14-083", "http://secunia.com/advisories/61151", "https://support.microsoft.com/kb/3017347"], "pluginID": "1361412562310805024", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS14-083.", "edition": 10, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-12-10T00:00:00", "title": "Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3017347)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6361", "CVE-2014-6360"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310805024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms_office_and_compat_pack_ms14-083.nasl 12513 2018-11-23 14:24:09Z cfischer $\n#\n# Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3017347)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805024\");\n script_version(\"$Revision: 12513 $\");\n script_cve_id(\"CVE-2014-6360\", \"CVE-2014-6361\");\n script_bugtraq_id(71500, 71501);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 15:24:09 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-12-10 10:52:06 +0530 (Wed, 10 Dec 2014)\");\n script_name(\"Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3017347)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS14-083.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to,\n\n - An error related to a global free which can be exploited to corrupt memory.\n\n - An error related to an invalid pointer which can be exploited to corrupt\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed\n hotfixes or download and install the hotfixes from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/61151\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/3017347\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms14-083\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\", \"SMB/Office/XLCnv/Version\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\ncmpPckVer = get_kb_item(\"SMB/Office/ComptPack/Version\");\nif(cmpPckVer && cmpPckVer =~ \"^12\\.\")\n{\n xlcnvVer = get_kb_item(\"SMB/Office/XLCnv/Version\");\n if(xlcnvVer && xlcnvVer =~ \"^12\\.\")\n {\n ## took the file excelconv.exe which is updated after patch\n if(version_in_range(version:xlcnvVer, test_version:\"12.0\", test_version2:\"12.0.6713.4999\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-17T02:52:47", "references": ["https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-083"], "pluginID": "79832", "description": "The remote Windows host has a version of Microsoft Excel or Office Compatibility Pack that is affected by multiple remote code execution vulnerabilities due to Microsoft Excel improperly handling objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.", "edition": 7, "reporter": "Tenable", "published": "2014-12-09T00:00:00", "title": "MS14-083: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6361", "CVE-2014-6360"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:excel_viewer", "cpe:/a:microsoft:excel", "cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS14-083.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79832);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2014-6360\", \"CVE-2014-6361\");\n script_bugtraq_id(71500, 71501);\n script_xref(name:\"MSFT\", value:\"MS14-083\");\n script_xref(name:\"MSKB\", value:\"2910902\");\n script_xref(name:\"MSKB\", value:\"2910929\");\n script_xref(name:\"MSKB\", value:\"2920790\");\n script_xref(name:\"MSKB\", value:\"2920791\");\n script_xref(name:\"MSKB\", value:\"2984942\");\n\n script_name(english:\"MS14-083: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)\");\n script_summary(english:\"Checks the Excel versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office component installed on the remote host is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of Microsoft Excel or Office\nCompatibility Pack that is affected by multiple remote code execution\nvulnerabilities due to Microsoft Excel improperly handling objects in\nmemory. A remote attacker can exploit these vulnerabilities by\nconvincing a user to open a specially crafted Office file, resulting\nin execution of arbitrary code in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-083\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Excel 2007, Excel 2010,\nExcel 2013, and Office Compatibility Pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS14-083\";\nkbs = make_list(\n 2910902,\n 2910929,\n 2920790,\n 2920791,\n 2984942\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\ninfo = \"\";\nvuln = FALSE;\n\n######################################################################\n# Office\n######################################################################\ninstalls = get_kb_list(\"SMB/Office/Excel/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/Excel/' - '/ProductPath';\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n path = installs[install];\n path = path - '\\\\Excel.exe';\n info = '';\n\n # Office 2007 SP3\n if (ver[0] == 12)\n # Ensure share is accessible\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n if (\n (ver[0] == 12 && ver[1] == 0 && ver[2] < 6712) ||\n (ver[0] == 12 && ver[1] == 0 && ver[2] == 6712 && ver[3] < 5000)\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2007' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.6712.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2984942\");\n }\n }\n }\n else if (ver[0] == 14)\n {\n # Office 2010 SP2\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n if (\n (ver[0] == 14 && ver[1] == 0 && ver[2] < 7140) ||\n (ver[0] == 14 && ver[1] == 0 && ver[2] == 7140 && ver[3] < 5000)\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2010' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 14.0.7140.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2910902\");\n }\n }\n }\n else if (ver[0] == 15)\n {\n # Office 2013\n if (\n (ver[0] == 15 && ver[1] == 0 && ver[2] < 4675) ||\n (ver[0] == 15 && ver[1] == 0 && ver[2] == 4675 && ver[3] < 1000)\n )\n {\n vuln = TRUE;\n info =\n '\\n Product : Excel 2013' +\n '\\n File : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 15.0.4675.1000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2910929\");\n }\n }\n }\n}\n\n######################################################################\n# Microsoft Office Compatibility Pack\n######################################################################\nversion = '';\ninstalls = get_kb_list(\"SMB/Office/ExcelCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n version = install - 'SMB/Office/ExcelCnv/' - '/ProductPath';\n path = installs[install];\n if (isnull(path)) path = \"n/a\";\n\n ver = split(version, sep:\".\", keep:FALSE);\n for (i = 0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n if (\n (ver[0] == 12 && ver[1] == 0 && ver[2] < 6713) ||\n (ver[0] == 12 && ver[1] == 0 && ver[2] == 6713 && ver[3] < 5000)\n )\n {\n info =\n '\\n Product : 2007 Office system and the Office Compatibility Pack' +\n '\\n File : '+ path +\n '\\n Installed version : '+ version +\n '\\n Fixed version : 12.0.6713.5000' +\n '\\n';\n hotfix_add_report(info, bulletin:bulletin, kb:\"2920790\");\n }\n }\n}\n\n# Check for 2920791\ninstalls = get_kb_list(\"SMB/Office/ExcelViewer/*/ProductPath\");\nif(!isnull(installs)) \n{\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:\"\\\\[A-Za-z.]+$\", replace:\"\\\", string:path);\n vuln = hotfix_is_vulnerable(file:\"xlview.exe\", version:\"12.0.6716.5000\", min_version:\"12.0.0.0\", path:path, bulletin:bulletin, kb:\"2920791\");\n if(vuln) break;\n }\n}\n\nif (!version)\n{\n # Additional check if registry key is missing\n path = get_kb_item(\"SMB/Office/Excel/12.0/Path\");\n\n kb = \"2920790\";\n if (\n hotfix_is_vulnerable(file:\"excelcnv.exe\", version:\"12.0.6713.5000\", min_version:\"12.0.0.0\", path:path, bulletin:bulletin, kb:kb)\n ) vuln = TRUE;\n}\n\nif (info || vuln)\n{\n set_kb_item(name:\"SMB/Missing/\" + bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "references": [], "description": "Memory corruptions, index overflows, use-after-free, uninitialized pointers.", "edition": 1, "reporter": "MICROSOFT", "published": "2015-01-14T00:00:00", "title": "Microsoft Office multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:58", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Office", "version": "2013", "operator": "eq"}, {"name": "Office", "version": "2012", "operator": "eq"}, {"name": "Office", "version": "2010", "operator": "eq"}, {"name": "Office", "version": "2007", "operator": "eq"}], "cvelist": ["CVE-2014-6357", "CVE-2014-6361", "CVE-2014-6356", "CVE-2014-6364", "CVE-2014-6360"], "modified": "2015-01-14T00:00:00", "id": "SECURITYVULNS:VULN:14212", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14212", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-12-06T13:24:00", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n12/09/2014\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Office products. Malicious users can exploit these vulnerabilities to run arbitrary code, cause denial of service, loss of integrity, security bypass, privilege escalation and obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Office 2003, \nMicrosoft Office 2007, \nMicrosoft Office 2010, \nMicrosoft Office 2013, \nMicrosoft Office 2013 RT, \nMicrosoft Office for Mac, \nMicrosoft Word Viewer, \nMicrosoft Office Web Apps, \nMicrosoft SharePoint Server, \nMicrosoft Office Compatibility Pack, \nMicrosoft OneNote.\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2014-1818](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1818>) \n[CVE-2014-1817](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1817>) \n[CVE-2014-2778](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2778>) \n[CVE-2014-4077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4077>) \n[CVE-2014-0260](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0260>) \n[CVE-2014-0259](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0259>) \n[CVE-2014-2815](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-2815>) \n[CVE-2014-6333](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6333>) \n[CVE-2014-6361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6361>) \n[CVE-2014-6360](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6360>) \n[CVE-2014-6364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6364>) \n[CVE-2014-6357](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6357>) \n[CVE-2014-1761](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1761>) \n[CVE-2014-0258](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0258>) \n[CVE-2014-1808](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1808>) \n[CVE-2014-1756](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1756>) \n[CVE-2014-1757](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1757>) \n[CVE-2014-1758](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1758>) \n[CVE-2014-6334](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6334>) \n[CVE-2014-6335](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6335>) \n[CVE-2014-4117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-4117>) \n[CVE-2014-1809](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-1809>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2014-1818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1818>) \n[CVE-2014-1817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1817>) \n[CVE-2014-2778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2778>) \n[CVE-2014-4077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4077>) \n[CVE-2014-0260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0260>) \n[CVE-2014-0259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0259>) \n[CVE-2014-2815](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2815>) \n[CVE-2014-6333](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6333>) \n[CVE-2014-6361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6361>) \n[CVE-2014-6360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6360>) \n[CVE-2014-6364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6364>) \n[CVE-2014-6357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357>) \n[CVE-2014-1761](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1761>) \n[CVE-2014-0258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0258>) \n[CVE-2014-1808](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1808>) \n[CVE-2014-1756](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1756>) \n[CVE-2014-1757](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1757>) \n[CVE-2014-1758](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1758>) \n[CVE-2014-6334](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6334>) \n[CVE-2014-6335](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6335>) \n[CVE-2014-4117](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4117>) \n[CVE-2014-1809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1809>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[2967487](<http://support.microsoft.com/kb/2967487>) \n[2969261](<http://support.microsoft.com/kb/2969261>) \n[2992719](<http://support.microsoft.com/kb/2992719>) \n[3017301](<http://support.microsoft.com/kb/3017301>) \n[3017349](<http://support.microsoft.com/kb/3017349>) \n[3017347](<http://support.microsoft.com/kb/3017347>) \n[3009710](<http://support.microsoft.com/kb/3009710>) \n[3000434](<http://support.microsoft.com/kb/3000434>) \n[2961033](<http://support.microsoft.com/kb/2961033>) \n[2961037](<http://support.microsoft.com/kb/2961037>) \n[2950145](<http://support.microsoft.com/kb/2950145>) \n[2949660](<http://support.microsoft.com/kb/2949660>) \n[2916605](<http://support.microsoft.com/kb/2916605>) \n[2977201](<http://support.microsoft.com/kb/2977201>)", "edition": 27, "reporter": "Kaspersky Lab", "published": "2014-12-09T00:00:00", "title": "\r KLA10616Multiple vulnerabilities in Microsoft Office ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2014-0258", "CVE-2014-4077", "CVE-2014-6357", "CVE-2014-6361", "CVE-2014-1809", "CVE-2014-1817", "CVE-2014-6334", "CVE-2014-6335", "CVE-2014-1758", "CVE-2014-1818", "CVE-2014-0259", "CVE-2014-1757", "CVE-2014-2778", "CVE-2014-6364", "CVE-2014-1808", "CVE-2014-0260", "CVE-2014-1761", "CVE-2014-2815", "CVE-2014-4117", "CVE-2014-1756", "CVE-2014-6360", "CVE-2014-6333"], "modified": "2018-12-04T00:00:00", "id": "KLA10616", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10616", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
