Microsoft Office CVE-2015-6172 Remote Code Execution Vulnerability
2015-12-08T00:00:00
ID SMNTC-78549 Type symantec Reporter Symantec Security Response Modified 2015-12-08T00:00:00
Description
Description
Microsoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.
Technologies Affected
Microsoft Microsoft Office Compatibility Pack SP 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.
Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-78549", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Office CVE-2015-6172 Remote Code Execution Vulnerability", "description": "### Description\n\nMicrosoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Microsoft Microsoft Office Compatibility Pack SP 3 \n * Microsoft Office 2010 Service Pack 2 (32-bit editions) \n * Microsoft Office 2010 Service Pack 2 (64-bit editions) \n * Microsoft Word 2007 Service Pack 3 \n * Microsoft Word 2010 Service Pack 2 (32-bit editions) \n * Microsoft Word 2010 Service Pack 2 (64-bit editions) \n * Microsoft Word 2013 RT Service Pack 1 \n * Microsoft Word 2013 Service Pack 1 (32-bit editions) \n * Microsoft Word 2013 Service Pack 1 (64-bit editions) \n * Microsoft Word 2016 (32-bit edition) \n * Microsoft Word 2016 (64-bit edition) \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2015-12-08T00:00:00", "modified": "2015-12-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/78549", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2015-6172"], "lastseen": "2018-03-12T04:25:05", "viewCount": 2, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2018-03-12T04:25:05", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-6172"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806183", "OPENVAS:1361412562310806177", "OPENVAS:1361412562310806174"]}, {"type": "nessus", "idList": ["SMB_NT_MS15-131.NASL"]}, {"type": "mskb", "idList": ["KB3116111"]}, {"type": "kaspersky", "idList": ["KLA10716"]}], "modified": "2018-03-12T04:25:05", "rev": 2}, "vulnersScore": 8.6}, "affectedSoftware": [{"version": "2007 Service Pack 3 ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2016 (32-bit edition) ", "name": "Microsoft Word", "operator": "eq"}, {"version": "3 ", "name": "Microsoft Microsoft Office Compatibility Pack SP", "operator": "eq"}, {"version": "2010 Service Pack 2 (32-bit editions) ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2010 Service Pack 2 (32-bit editions) ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2013 Service Pack 1 (32-bit editions) ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2010 Service Pack 2 (64-bit editions) ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2016 (64-bit edition) ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2013 Service Pack 1 (64-bit editions) ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2013 RT Service Pack 1 ", "name": "Microsoft Word", "operator": "eq"}, {"version": "2010 Service Pack 2 (64-bit editions) ", "name": "Microsoft Word", "operator": "eq"}]}
{"cve": [{"lastseen": "2021-02-02T06:21:28", "description": "Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka \"Microsoft Office RCE Vulnerability.\"", "edition": 4, "cvss3": {}, "published": "2015-12-09T11:59:00", "title": "CVE-2015-6172", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-6172"], "modified": "2018-10-12T22:10:00", "cpe": ["cpe:/a:microsoft:word:2007", "cpe:/a:microsoft:word:2013", "cpe:/a:microsoft:office:2010", "cpe:/a:microsoft:word:2010", "cpe:/a:microsoft:office_compatibility_pack:*"], "id": "CVE-2015-6172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6172", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-06-10T19:49:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6124", "CVE-2015-6172"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-131.", "modified": "2020-06-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "OPENVAS:1361412562310806183", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806183", "type": "openvas", "title": "Microsoft Office Word Multiple Remote Code Execution Vulnerabilities (3116111)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Word Multiple Remote Code Execution Vulnerabilities (3116111)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806183\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2015-6124\", \"CVE-2015-6172\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 13:16:16 +0530 (Wed, 09 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Word Multiple Remote Code Execution Vulnerabilities (3116111)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-131.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaws are due to improper handling of files\n in the memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to run arbitrary code in the context of the current user and\n to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Word 2007 Service Pack 3 and prior\n\n - Microsoft Word 2010 Service Pack 2 and prior\n\n - Microsoft Word 2013 Service Pack 1 and prior\n\n - Microsoft Word 2016 Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3101532\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114342\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114458\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS15-131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"SMB/Office/Word/Version\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms15-131\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n##word 2007, 2010, 2013, 2016\nexeVer = get_kb_item(\"SMB/Office/Word/Version\");\nif(!exeVer){\n exit(0);\n}\n\nexePath = get_kb_item(\"SMB/Office/Word/Install/Path\");\nif(!exePath){\n exePath = \"Unable to fetch the install path\";\n}\n\nif(exeVer && exeVer =~ \"^(12|14|15|16).*\")\n{\n if(exeVer =~ \"^12\"){\n Vulnerable_range = \"12 - 12.0.6740.4999\";\n }\n else if(exeVer =~ \"^14\"){\n Vulnerable_range = \"14 - 14.0.7164.5000\";\n }\n else if(exeVer =~ \"^15\"){\n Vulnerable_range = \"15 - 15.0.4779.1000\";\n }\n else if(exeVer =~ \"^16\"){\n Vulnerable_range = \"16 - 16.0.4312.1000\";\n }\n\n if(version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6740.4999\") ||\n version_in_range(version:exeVer, test_version:\"14.0\", test_version2:\"14.0.7164.5000\") ||\n version_in_range(version:exeVer, test_version:\"15.0\", test_version2:\"15.0.4779.1000\") ||\n version_in_range(version:exeVer, test_version:\"16.0\", test_version2:\"16.0.4312.1000\"))\n {\n report = 'File checked: ' + exePath + \"winword.exe\" + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T14:00:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6124", "CVE-2015-6172", "CVE-2015-6118"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-131.", "modified": "2019-12-20T00:00:00", "published": "2015-12-09T00:00:00", "id": "OPENVAS:1361412562310806174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806174", "type": "openvas", "title": "Microsoft Office Suite Remote Code Execution Vulnerabilities (3116111)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Suite Remote Code Execution Vulnerabilities (3116111)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806174\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2015-6118\", \"CVE-2015-6124\", \"CVE-2015-6172\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 12:09:07 +0530 (Wed, 09 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Suite Remote Code Execution Vulnerabilities (3116111)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-131.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist in the way that Microsoft\n Outlook parses specially crafted email messages.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially\n execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Office 2007 Service Pack 3 and prior\n\n - Microsoft Office 2010 Service Pack 2 and prior\n\n - Microsoft Office 2013 Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3085549\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114403\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114425\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_ms_office_detection_900025.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/Office/Ver\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\n\n## MS Office 2007\nif(officeVer && officeVer =~ \"^12\\.\")\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"CommonFilesDir\");\n if(dllPath)\n {\n msoVer = fetch_file_version(sysPath:dllPath, file_name:\"Microsoft Shared\\OFFICE12\\mso.dll\");\n if(msoVer)\n {\n if(version_in_range(version:msoVer, test_version:\"12.0\", test_version2:\"12.0.6739.4999\"))\n {\n report = 'File checked: ' + dllPath + \"\\Microsoft Shared\\OFFICE12\" + \"\\mso.dll\" + '\\n' +\n 'File version: ' + msoVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6739.4999 \\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n\n mspVer = fetch_file_version(sysPath:dllPath, file_name:\"Microsoft Shared\\OFFICE12\\msptls.dll\");\n if(mspVer)\n {\n if(version_in_range(version:mspVer, test_version:\"12.0\", test_version2:\"12.0.6739.4999\"))\n {\n report = 'File checked: ' + dllPath + \"\\Microsoft Shared\\OFFICE12\" + \"\\msptls.dll\" + '\\n' +\n 'File version: ' + mspVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6739.4999 \\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n\n## For office 2010 Wwlibcxm.dll is mentioned and it is not available so ignoring\n## version check for office 2010 https://support.microsoft.com/en-us/kb/2965311\n## MS Office 2010\nif(officeVer && officeVer =~ \"^14\\.\")\n{\n dllPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"CommonFilesDir\");\n\n if(dllPath)\n {\n dllVer = fetch_file_version(sysPath:dllPath, file_name:\"Microsoft Shared\\OFFICE14\\msptls.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"14.0\", test_version2:\"14.0.7164.4999\"))\n {\n report = 'File checked: ' + dllPath + \"\\Microsoft Shared\\OFFICE14\" + \"\\msptls.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 14.0 - 14.0.7164.4999 \\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T19:51:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6124", "CVE-2015-6172", "CVE-2015-6122", "CVE-2015-6040"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-113.", "modified": "2020-06-09T00:00:00", "published": "2015-12-09T00:00:00", "id": "OPENVAS:1361412562310806177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806177", "type": "openvas", "title": "Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3116111)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3116111)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806177\");\n script_version(\"2020-06-09T05:48:43+0000\");\n script_cve_id(\"CVE-2015-6040\", \"CVE-2015-6122\", \"CVE-2015-6124\", \"CVE-2015-6172\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 05:48:43 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 14:32:12 +0530 (Wed, 09 Dec 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (3116111)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-113.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Microsoft Excel improperly handles the loading of dynamic link library\n (DLL) files.\n\n - Improper handling of files in the memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to run arbitrary code and corrupt memory in the context of the\n current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office Compatibility Pack Service Pack 3 and prior.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3116111\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114431\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3114457\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS15-131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/Office/ComptPack/Version\", \"SMB/Office/XLCnv/Version\", \"SMB/Office/WordCnv/Version\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/security/bulletin/ms15-131\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\ncmpPckVer = get_kb_item(\"SMB/Office/ComptPack/Version\");\nif(cmpPckVer && cmpPckVer =~ \"^12\\.\")\n{\n xlcnvVer = get_kb_item(\"SMB/Office/XLCnv/Version\");\n if(xlcnvVer && xlcnvVer =~ \"^12\\.\")\n {\n ## took the file excelconv.exe which is updated after patch\n if(version_in_range(version:xlcnvVer, test_version:\"12.0\", test_version2:\"12.0.6739.4999\"))\n {\n report = 'File checked: excelconv.exe' + '\\n' +\n 'File version: ' + xlcnvVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6739.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nwordcnvVer = get_kb_item(\"SMB/Office/WordCnv/Version\");\nif(wordcnvVer && wordcnvVer =~ \"^12\\.\")\n{\n # Office Word Converter\n path = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"ProgramFilesDir\");\n if(path)\n {\n sysVer = fetch_file_version(sysPath:path + \"\\Microsoft Office\\Office12\", file_name:\"Wordcnv.dll\");\n if(sysVer && sysVer =~ \"^12\\.\")\n {\n if(version_in_range(version:sysVer, test_version:\"12.0\", test_version2:\"12.0.6740.4999\"))\n {\n report = 'File checked: Wordcnv.dll' + '\\n' +\n 'File version: ' + sysVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6740.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n\n InsPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\", item:\"CommonFilesDir\");\n if(InsPath)\n {\n offPath = InsPath + \"\\Microsoft Shared\\Office12\";\n exeVer = fetch_file_version(sysPath:offPath, file_name:\"Mso.dll\");\n if(exeVer && exeVer =~ \"^12\\.\")\n {\n if(version_in_range(version:exeVer, test_version:\"12.0\", test_version2:\"12.0.6739.4999\"))\n {\n report = 'File checked: Mso.dll' + '\\n' +\n 'File version: ' + exeVer + '\\n' +\n 'Vulnerable range: 12.0 - 12.0.6739.4999' + '\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:49:29", "bulletinFamily": "info", "cvelist": ["CVE-2015-6124", "CVE-2015-6172", "CVE-2015-6118", "CVE-2015-6122", "CVE-2015-6177", "CVE-2015-6040"], "description": "### *Detect date*:\n12/08/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Office 2007 Service Pack 3 \nMicrosoft Office 2010 Service Pack 2 \nMicrosoft Office 2013 Service Pack 1 \nMicrosoft Office 2016 \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office for Mac 2011 \nMicrosoft Office for Mac 2016\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-6122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6122>) \n[CVE-2015-6118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6118>) \n[CVE-2015-6177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6177>) \n[CVE-2015-6124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6124>) \n[CVE-2015-6172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6172>) \n[CVE-2015-6040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6040>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *CVE-IDS*:\n[CVE-2015-6122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6122>)9.3Critical \n[CVE-2015-6118](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6118>)9.3Critical \n[CVE-2015-6177](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6177>)9.3Critical \n[CVE-2015-6124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6124>)9.3Critical \n[CVE-2015-6172](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6172>)9.3Critical \n[CVE-2015-6040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6040>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3085549](<http://support.microsoft.com/kb/3085549>) \n[3114422](<http://support.microsoft.com/kb/3114422>) \n[3114479](<http://support.microsoft.com/kb/3114479>) \n[3114431](<http://support.microsoft.com/kb/3114431>) \n[3114425](<http://support.microsoft.com/kb/3114425>) \n[3114433](<http://support.microsoft.com/kb/3114433>) \n[3114382](<http://support.microsoft.com/kb/3114382>) \n[3114415](<http://support.microsoft.com/kb/3114415>) \n[3114342](<http://support.microsoft.com/kb/3114342>) \n[3114403](<http://support.microsoft.com/kb/3114403>) \n[3119518](<http://support.microsoft.com/kb/3119518>) \n[3085528](<http://support.microsoft.com/kb/3085528>) \n[3116111](<http://support.microsoft.com/kb/3116111>) \n[3114457](<http://support.microsoft.com/kb/3114457>) \n[3101532](<http://support.microsoft.com/kb/3101532>) \n[3114458](<http://support.microsoft.com/kb/3114458>) \n[3119517](<http://support.microsoft.com/kb/3119517>)", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2015-12-08T00:00:00", "id": "KLA10716", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10716", "title": "\r KLA10716Code execution vulnerabilities in Microsoft Office ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:41:58", "bulletinFamily": "microsoft", "cvelist": ["CVE-2015-6124", "CVE-2015-6172", "CVE-2015-6118", "CVE-2015-6122", "CVE-2015-6177", "CVE-2015-6040"], "description": "<html><body><p>Resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a vulnerability in Microsoft Office. To learn more about the vulnerability, see <a href=\"https://technet.microsoft.com/library/security/ms15-131\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS15-131</a>.<span></span><br/></div><h2>More information about this security update</h2><div class=\"kb-moreinformation-section section\">The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.<br/><ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/help/3085528\" id=\"kb-link-3\" target=\"_self\">KB3085528 MS15-131: Description of the security update for Office 2010: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114479\" id=\"kb-link-4\" target=\"_self\">KB3114479 MS15-131: Description of the security update for Word Viewer: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3085549\" id=\"kb-link-5\" target=\"_self\">KB3085549 MS15-131: Description of the security update for the 2007 Microsoft Office Suite: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3101532\" id=\"kb-link-6\" target=\"_self\">KB3101532 MS15-131: Description of the security update for Word 2010: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114342\" id=\"kb-link-7\" target=\"_self\">KB3114342 MS15-131: Description of the security update for Word 2013: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114382\" id=\"kb-link-8\" target=\"_self\">KB3114382 MS15-131: Description of the security update for Word 2016: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114403\" id=\"kb-link-9\" target=\"_self\">KB3114403 MS15-131: Description of the security update for Office 2010: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114415\" id=\"kb-link-10\" target=\"_self\">KB3114415 MS15-131: Description of the security update for Excel 2010: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114422\" id=\"kb-link-11\" target=\"_self\">KB3114422 MS15-131: Description of the security update for Excel 2007: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114425\" id=\"kb-link-12\" target=\"_self\">KB3114425 MS15-131: Description of the security update for the 2007 Microsoft Office Suite: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114431\" id=\"kb-link-13\" target=\"_self\">KB3114431 MS15-131: Description of the security update for the Office Compatibility Pack Service Pack 3: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114433\" id=\"kb-link-14\" target=\"_self\">KB3114433 MS15-131: Description of the security update for Microsoft Excel Viewer 2007: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114457\" id=\"kb-link-15\" target=\"_self\">KB3114457 MS15-131: Description of the security update for the Office Compatibility Pack Service Pack 3: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3114458\" id=\"kb-link-16\" target=\"_self\">KB3114458 MS15-131: Description of the security update for Word 2007: December 8, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3119517\" id=\"kb-link-17\" target=\"_self\">KB3119517 MS15-131: Description of the security update for Office for Mac 2011: December 10, 2015</a></li><li><a href=\"https://support.microsoft.com/help/3119518\" id=\"kb-link-18\" target=\"_self\">KB3119518 MS15-131: Description of the security update for Office 2016 for Mac: December 10, 2015</a></li></ul><h3 class=\"sbody-h3\">Nonsecurity-related fixes and improvements that are included in this security update</h3><ul class=\"sbody-free_list\"><li>This security update adds support for Mail Apps API requirement set 1.3 to Outlook 2013.<br/><br/><span class=\"text-base\">Note</span> To apply this update, install this security update together with December 8, 2015, update for Outlook 2013 (<a href=\"https://support.microsoft.com/help/3114358\" id=\"kb-link-19\" target=\"_self\">KB3114358</a>). See <a href=\"https://support.microsoft.com/help/3085636\" id=\"kb-link-20\" target=\"_self\">KB3085636</a> for more information.<br/></li><li>Renames the \"Add-Ins\" string to the \"Add-ins\" string for consistency.<br/></li><li>This security update also contains fixes for the following nonsecurity issues:<br/><ul class=\"sbody-free_list\"><li>When there is more than one ActiveX (OCX) object in a document in Word 2013, an infinite scroll occurs between objects. This issue occurs after you apply <a href=\"https://support.microsoft.com/help/2956163\" id=\"kb-link-21\" target=\"_self\">MS15-022: Description of the security update for Word 2013: March 10, 2015 (KB2956163)</a>.<br/></li><li>When you use a printer to print a document, and then you change to another printer programmatically in Word 2013, Word 2013 may crash.<br/></li><li>When you reopen a drawing that contains a Word object in Visio 2016, the Word object that is displayed as an icon doesn't appear. If you press Ctrl+A to select all shapes in the document to locate the Word object and then try to change the icon in the <strong class=\"uiterm\">Convert</strong> dialog box, you receive the following error message:<div class=\"sbody-error\">An error (1424) occurred during the action Convert Object. <br/>The object is empty. <br/></div><br/></li><li>When you press the F9 key repeatedly to update a nested field (an IF field that has a condition for a Caps switch) in Word 2016, the result of the field calculation that is displayed toggles between the condition in which all letters are capitalized and the condition in which the first letter is a capital.<br/></li><li>The <a href=\"https://msdn.microsoft.com/en-us/library/office/ff191963.aspx\" id=\"kb-link-22\" target=\"_self\">ContentControlOnExit</a>event isn't triggered when you edit a content control in the document body and then click into the header of a document in Word 2016.<br/><br/></li><li>After you enable the Track Changes function in Word 2016, deleted text is tracked for reviewers that have the same user name.<br/></li><li>Assume that you have a document that has footnotes and both manual and automatic page breaks in Word 2016. You set the <strong class=\"uiterm\">Numbering</strong> to <strong class=\"uiterm\">Restart each page in the Footnote and Endnote</strong> dialog box. When you print a document in the background, footnote numbers in the printout are numbered consecutively instead of being restarted on each page.<br/></li><li>Some text about document upload errors and digital signatures are unreadable on the Backstage in Word 2016 that uses the Dark Gray theme.<br/></li><li>HTML tables aren't displayed correctly in documents in Word 2016.<br/></li><li>When you use add-ins API to set content control text in a co-authoring session in Word 2016, Word 2016 may crash.<br/></li><li>If a range only contains the close tag of a content control, the <a href=\"https://msdn.microsoft.com/en-us/library/microsoft.office.interop.word.range.contentcontrols(v=office.15).aspx\" id=\"kb-link-23\" target=\"_self\">Range.ContentControls</a> property doesn't collect the content control.<br/></li><li>Translates some terms in multiple languages to make sure of accurate meaning.<br/></li></ul></li></ul></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">The 2007 Microsoft Office system (all editions) and other software</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\">Reference Table</span><br/><br/>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For the 2007 Microsoft Office system, Service Pack 3:<br/><span class=\"text-base\">msptls2007-kb3085549-fullfile-x86-glb.exe</span><span class=\"text-base\"><br/><span class=\"text-base\">mso2007-kb3114425-fullfile-x86-glb.exe</span></span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Excel 2007 Service Pack 3:<br/><span class=\"text-base\">excel2007-kb3114422-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Word 2007 Service Pack 3:<br/><span class=\"text-base\">word2007-kb3114458-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office Compatibility Pack:<br/><span class=\"text-base\">xlconv2007-kb3114433-fullfile-x86-glb.exe</span><br/><span class=\"text-base\">wordconv2007-kb3114457-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Excel Viewer:<br/><span class=\"text-base\">xlview2007-kb3114433-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-25\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-26\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3085549\" id=\"kb-link-27\" target=\"_self\">Microsoft Knowledge Base Article 3085549</a><br/>See <a href=\"https://support.microsoft.com/help/3114425\" id=\"kb-link-28\" target=\"_self\">Microsoft Knowledge Base Article 3114425</a><br/>See <a href=\"https://support.microsoft.com/help/3114422\" id=\"kb-link-29\" target=\"_self\">Microsoft Knowledge Base Article 3114422</a><br/>See <a href=\"https://support.microsoft.com/help/3114458\" id=\"kb-link-30\" target=\"_self\">Microsoft Knowledge Base Article 3114458</a><br/>See <a href=\"https://support.microsoft.com/help/3114433\" id=\"kb-link-31\" target=\"_self\">Microsoft Knowledge Base Article 3114433</a><br/>See <a href=\"https://support.microsoft.com/help/3114457\" id=\"kb-link-32\" target=\"_self\">Microsoft Knowledge Base Article 3114457</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2010 (all editions)</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Office 2010 Service Pack 2 (32-bit editions)<br/><span class=\"text-base\">kb24286772010-kb3114403-fullfile-x86-glb.exe</span><br/><span class=\"text-base\">msptls2010-kb3085528-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office 2010 Service Pack 2 (64-bit editions)<br/><span class=\"text-base\">kb24286772010-kb3114403-fullfile-x64-glb.exe</span><br/><span class=\"text-base\">msptls2010-kb3085528-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office 2010 Service Pack 2 (32-bit editions)<br/><span class=\"text-base\">kb24286772010-kb3114403-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Office 2010 Service Pack 2 (64-bit editions)<br/><span class=\"text-base\">kb24286772010-kb3114403-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Excel 2010 Service Pack 2 (32-bit editions)<br/><span class=\"text-base\">excel2010-kb3114415-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Excel 2010 Service Pack 2 (64-bit editions)<br/><span class=\"text-base\">excel2010-kb3114415-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2010 Service Pack 2 (32-bit editions):<br/><span class=\"text-base\">word2010-kb3101532-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2010 Service Pack 2 (64-bit editions):<br/><span class=\"text-base\">word2010-kb3101532-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-33\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-34\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3114403\" id=\"kb-link-35\" target=\"_self\">Microsoft Knowledge Base Article 3114403</a><br/>See <a href=\"https://support.microsoft.com/help/3085528\" id=\"kb-link-36\" target=\"_self\">Microsoft Knowledge Base Article 3085528</a><br/>See <a href=\"https://support.microsoft.com/help3114403\" id=\"kb-link-37\" target=\"_self\">Microsoft Knowledge Base Article 3114403</a><br/>See <a href=\"https://support.microsoft.com/help/3114415\" id=\"kb-link-38\" target=\"_self\">Microsoft Knowledge Base Article 3114415</a><br/>See <a href=\"https://support.microsoft.com/help/3101532\" id=\"kb-link-39\" target=\"_self\">Microsoft Knowledge Base Article 3101532</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2013 (all editions)</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For supported editions of Microsoft Word 2013 Service Pack 1 (32-bit editions):<br/><span class=\"text-base\">word2013-kb3114342-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For supported editions of Microsoft Word 2013 Service Pack 1 (64-bit editions):<br/><span class=\"text-base\">word2013-kb3114342-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-40\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-41\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3114342\" id=\"kb-link-42\" target=\"_self\">Microsoft Knowledge Base Article 3114342</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2013 RT (all editions)</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">The 3114342 update for Microsoft Word 2013 RT is available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-43\" target=\"_self\">Windows Update</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-44\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then click <span class=\"text-base\">Windows Update</span>. Under <strong class=\"uiterm\">See also</strong>, click <span class=\"text-base\">Installed updates</span>, and then select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3114342\" id=\"kb-link-45\" target=\"_self\">Microsoft Knowledge Base Article 3114342</a></td></tr></table></div><h4 class=\"sbody-h4\">Microsoft Office 2016 (all editions)</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><span class=\"text-base\"><h5 class=\"sbody-h5 text-subtitle\">Reference table</h5></span>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Microsoft Word 2016 (32-bit edition):<br/><span class=\"text-base\">word2016-kb3114382-fullfile-x86-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Microsoft Word 2016 (64-bit edition):<br/><span class=\"text-base\">word2016-kb3114382-fullfile-x64-glb.exe</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/912203\" id=\"kb-link-46\" target=\"_self\">Microsoft Knowledge Base Article 912203</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message is displayed that advises you to restart.<br/><br/>To help reduce the possibility that a restart will be required, stop all affected services and close all applications that may use the affected files before you install the security update. For more information about the reasons why you may be prompted to restart, see <a href=\"https://support.microsoft.com/help/887012\" id=\"kb-link-47\" target=\"_self\">Microsoft Knowledge Base Article 887012</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">Use <span class=\"text-base\">Add or Remove Programs</span> item in <span class=\"text-base\">Control Panel</span>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3114382\" id=\"kb-link-48\" target=\"_self\">Microsoft Knowledge Base Article 3114382</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Office for Mac 2011</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><h5 class=\"sbody-h5 text-subtitle\">Prerequisites</h5><ul class=\"sbody-free_list\"><li>You must be running Mac OS X version 10.5.8 or a later version on an Intel processor.</li><li>Mac OS X user accounts must have administrator credentials to install this security update.</li></ul><h5 class=\"sbody-h5 text-subtitle\">Installing the update</h5>Download and install the appropriate language version of the Microsoft Office for Mac 2011 14.5.8 Update from the <a href=\"https://www.microsoft.com/en-us/download/details.aspx?id=49874\" id=\"kb-link-49\" target=\"_self\">Microsoft Download Center</a>. Then, follow these steps:<br/><ol class=\"sbody-num_list\"><li>Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.</li><li>Open the Microsoft Office for Mac 2011 14.5.8 Update volume on your desktop. This step might have been performed for you.</li><li>To start the update process, in the Microsoft Office for Mac 2011 14.5.8 Update volume window, double-click the Microsoft Office for Mac 2011 14.5.8 Update application, and then follow the instructions.</li><li>When the installation is complete, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the \"Verifying update installation\" section. To remove the update installer, drag the Microsoft Office for Mac 2011 14.5.8 Update volume to the Trash, and then drag the file that you downloaded to the Trash.</li></ol><h5 class=\"sbody-h5 text-subtitle\">Verifying update installation</h5>To verify that a security update is installed on an affected system, follow these steps:<br/><ol class=\"sbody-num_list\"><li>In <span class=\"text-base\">Finder</span>, locate the <span class=\"text-base\">Application Folder</span> (Microsoft Office 2011).</li><li>Select <span class=\"text-base\">Word</span>, <span class=\"text-base\">Excel</span>, <span class=\"text-base\">PowerPoint</span>, or <span class=\"text-base\">Outlook</span>, and start the application.</li><li>On the application menu, click <span class=\"text-base\">About <<strong class=\"sbody-strong\">Application_Name</strong>></span> (where <<strong class=\"sbody-strong\">Application_Name</strong>> is a placeholder that represents Word, Excel, PowerPoint, or Outlook).</li></ol>If the<strong class=\"uiterm\"> Latest Installed Update Version </strong>number is <span class=\"text-base\">14.5.8</span>, the update was successfully installed.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">Restart requirement</h5>This update doesn't require you to restart your computer.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">Removing the update</h5>This security update cannot be uninstalled.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">More information</h5>If you have technical questions or problems with downloading or using this update, see <a href=\"https://www.microsoft.com/mac/support\" id=\"kb-link-50\" target=\"_self\">Microsoft for Mac Support</a> to learn about the support options that are available to you.<br/><h4 class=\"sbody-h4\">Office 2016 for Mac</h4><div class=\"kb-collapsible kb-collapsible-collapsed\"><h5 class=\"sbody-h5 text-subtitle\">Prerequisites</h5><ul class=\"sbody-free_list\"><li>Mac OS X Yosemite 10.10 or a later version on an Intel processor.</li><li>A valid Microsoft Office 365 subscription.</li></ul><h5 class=\"sbody-h5 text-subtitle\">Installing the update</h5>Download and install the appropriate language version of the Microsoft Office 2016 for Mac 15.16.0 Update from the <a href=\"https://www.microsoft.com/download/details.aspx?familyid=6c1741ba-696f-4fd6-9fe3-aca2b2ecc64e\" id=\"kb-link-51\" target=\"_self\">Microsoft Download Center</a>. Then, follow these steps:<br/><ol class=\"sbody-num_list\"><li>Exit any applications that are running. This includes virus-protection applications and all Microsoft Office applications because they could interfere with the installation.</li><li>Open the Microsoft Office 2016 for Mac 15.16.0 Update volume on your desktop. This step might have been performed for you.</li><li>To start the update process, in the Microsoft Office 2016 for Mac 15.16.0 Update volume window, double-click the Microsoft Office 2016 for Mac 15.16.0 Update application, and follow the instructions.</li><li>When the installation finishes successfully, you can remove the update installer from your hard disk. To verify that the installation finished successfully, see the \"Verifying update installation\" section. To remove the update installer, first drag the Microsoft Office 2016 for Mac 15.16.0 Update volume to the Trash, and then drag the file that you downloaded to the Trash.</li></ol><h5 class=\"sbody-h5 text-subtitle\">Verifying update installation</h5>To verify that a security update is installed on an affected system, follow these steps:<br/><ol class=\"sbody-num_list\"><li>In <span class=\"text-base\">Finder</span>, locate the <span class=\"text-base\">Application Folder</span> (Microsoft Office 2016).</li><li>Select <span class=\"text-base\">Word</span>, <span class=\"text-base\">Excel</span>, <span class=\"text-base\">PowerPoint</span>, or <span class=\"text-base\">Outlook</span>, and start the application.</li><li>On the application menu, click <strong class=\"uiterm\">About </strong><strong class=\"sbody-strong\"><strong class=\"uiterm\">Application_Name</strong></strong> (where <strong class=\"uiterm\">Application_Name</strong> is Word, Excel, PowerPoint or Outlook).</li></ol>If the Latest Installed Update Version number is <span class=\"text-base\">15.16.0</span>, the update was successfully installed.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">Restart requirement</h5>This update doesn't require you to restart your computer.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">Removing the update</h5>This security update cannot be uninstalled.<br/><br/><h5 class=\"sbody-h5 text-subtitle\">More information</h5>If you have technical questions or problems with downloading or using this update, see <a href=\"https://www.microsoft.com/mac/support\" id=\"kb-link-52\" target=\"_self\">Microsoft for Mac Support</a> to learn about the support options that are available to you.<br/></div><br/></div></div></div></div></div></div></div></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to get help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-53\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-54\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-55\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-56\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 4, "modified": "2020-04-16T07:12:53", "id": "KB3116111", "href": "https://support.microsoft.com/en-us/help/3116111/", "published": "2015-12-08T00:00:00", "title": "MS15-131: Security update for Microsoft Office to address remote code execution: December 8, 2015", "type": "mskb", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-03-01T06:18:50", "description": "The remote Windows host has a version of Microsoft Office, Word, Word\nViewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack\ninstalled that is affected by multiple remote code execution\nvulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n handling of objects in memory. A remote attacker can\n exploit these issues by convincing a user to open a\n specially crafted file in an affected version of Office,\n resulting in the execution of arbitrary code in the\n context of the current user. (CVE-2015-6040,\n CVE-2015-6118, CVE-2015-6122, CVE-2015-6124,\n CVE-2015-6177)\n\n - A remote code execution vulnerability exists due to\n improper parsing of email messages. A remote attacker\n can exploit this vulnerability by convincing a user to\n open or preview a specially crafted email message,\n resulting in the execution of arbitrary code in the\n context of the current user. (CVE-2015-6172)", "edition": 31, "published": "2015-12-08T00:00:00", "title": "MS15-131: Security Update for Microsoft Office to Address Remote Code Execution (3116111)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6124", "CVE-2015-6172", "CVE-2015-6118", "CVE-2015-6122", "CVE-2015-6177", "CVE-2015-6040"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:microsoft:word", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:excel_viewer", "cpe:/a:microsoft:office", "cpe:/a:microsoft:excel", "cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS15-131.NASL", "href": "https://www.tenable.com/plugins/nessus/87260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87260);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\n \"CVE-2015-6040\",\n \"CVE-2015-6118\",\n \"CVE-2015-6122\",\n \"CVE-2015-6124\",\n \"CVE-2015-6172\",\n \"CVE-2015-6177\"\n );\n script_bugtraq_id(\n 78543,\n 78546,\n 78547,\n 78548,\n 78549,\n 78550\n );\n script_xref(name:\"MSFT\", value:\"MS15-131\");\n script_xref(name:\"MSKB\", value:\"3085528\");\n script_xref(name:\"MSKB\", value:\"3085549\");\n script_xref(name:\"MSKB\", value:\"3101532\");\n script_xref(name:\"MSKB\", value:\"3114342\");\n script_xref(name:\"MSKB\", value:\"3114382\");\n script_xref(name:\"MSKB\", value:\"3114403\");\n script_xref(name:\"MSKB\", value:\"3114415\");\n script_xref(name:\"MSKB\", value:\"3114422\");\n script_xref(name:\"MSKB\", value:\"3114425\");\n script_xref(name:\"MSKB\", value:\"3114431\");\n script_xref(name:\"MSKB\", value:\"3114433\");\n script_xref(name:\"MSKB\", value:\"3114457\");\n script_xref(name:\"MSKB\", value:\"3114458\");\n script_xref(name:\"MSKB\", value:\"3114479\");\n script_xref(name:\"IAVA\", value:\"2015-A-0300\");\n\n script_name(english:\"MS15-131: Security Update for Microsoft Office to Address Remote Code Execution (3116111)\");\n script_summary(english:\"Checks the Office, SharePoint, and OWA versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple remote code execution\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has a version of Microsoft Office, Word, Word\nViewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack\ninstalled that is affected by multiple remote code execution\nvulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n handling of objects in memory. A remote attacker can\n exploit these issues by convincing a user to open a\n specially crafted file in an affected version of Office,\n resulting in the execution of arbitrary code in the\n context of the current user. (CVE-2015-6040,\n CVE-2015-6118, CVE-2015-6122, CVE-2015-6124,\n CVE-2015-6177)\n\n - A remote code execution vulnerability exists due to\n improper parsing of email messages. A remote attacker\n can exploit this vulnerability by convincing a user to\n open or preview a specially crafted email message,\n resulting in the execution of arbitrary code in the\n context of the current user. (CVE-2015-6172)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/ms15-131\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Office 2007, 2010, 2013,\n2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, and Microsoft\nOffice Compatibility Pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_owa_installed.nbin\" , \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var bulletin, vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-131';\nkbs = make_list(\n 3085528, # Office 2010 SP2\n 3085549, # Office 2007 SP3\n 3101532, # Office 2010 SP2\n 3114342, # Office 2013 SP1 / RT SP1\n 3114382, # Office 2016\n 3114403, # Office 2010 SP2\n 3114415, # Office 2010 SP2\n 3114422, # Office 2007 SP3\n 3114425, # Office 2007 SP3\n 3114431, # Office Compatibility Pack SP3\n 3114433, # Excel Viewer\n 3114457, # Office Compatibility Pack SP3\n 3114458, # Office 2007 SP3\n 3114479 # Word Viewer\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\nregistry_init();\n\n# Generic Office Checks\nfunction perform_office_checks()\n{\n local_var office_vers, office_sp, path;\n office_vers = hotfix_check_office_version();\n if (office_vers[\"12.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n path = hotfix_append_path(path:hotfix_get_officecommonfilesdir(officever:\"12.0\"), value:\"Microsoft Shared\\Office12\");\n if (\n hotfix_check_fversion(file:\"mso.dll\", version: \"12.0.6739.5000\" , path:path, bulletin:bulletin, kb:\"3114425\", product:\"Microsoft Office 2007 SP3\") == HCF_OLDER ||\n hotfix_check_fversion(file:\"msptls.dll\", version: \"12.0.6739.5000\" , path:path, bulletin:bulletin, kb:\"3085549\", product:\"Microsoft Office 2007 SP3\") == HCF_OLDER\n )\n vuln = TRUE;\n }\n }\n\n if (office_vers[\"14.0\"])\n {\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n path = hotfix_append_path(path:hotfix_get_officeprogramfilesdir(officever:\"14.0\"), value:\"Microsoft Office\\Office14\");\n if (\n hotfix_check_fversion(file:\"msptls.dll\", version: \"14.0.7164.5000\", path:path, bulletin:bulletin, kb:\"3085528\", product:\"Microsoft Office 2010 SP2\") == HCF_OLDER ||\n hotfix_check_fversion(file:\"wwlibcxm.dll\", version: \"14.0.7164.5001\", path:path, bulletin:bulletin, kb:\"3114403\", product:\"Microsoft Office 2010 SP2\") == HCF_OLDER\n )\n vuln = TRUE;\n }\n }\n}\n\nfunction perform_office_product_checks()\n{\n local_var excel_checks, word_checks, word_vwr_checks, vwr_checks, compat_checks;\n\n local_var installs, install, path; # For DLL checks\n\n ######################################################################\n # Excel Checks\n ######################################################################\n excel_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6739.5000\", \"kb\", \"3114422\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7164.5000\", \"kb\", \"3114415\")\n );\n if (hotfix_check_office_product(product:\"Excel\", checks:excel_checks, bulletin:bulletin))\n vuln = TRUE;\n\n ######################################################################\n # Word\n ######################################################################\n word_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6740.5000\", \"kb\", \"3114458\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7164.5001\", \"kb\", \"3101532\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.4779.1001\", \"kb\", \"3114342\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4312.1001\", \"channel\", \"MSI\", \"kb\", \"3114382\"),\n make_array(\"sp\", 0, \"version\", \"16.0.6001.1043\", \"channel\", \"Current\", \"kb\", \"3114382\")\n )\n );\n if (hotfix_check_office_product(product:\"Word\", checks:word_checks, bulletin:bulletin))\n vuln = TRUE;\n\n ######################################################################\n # Word Viewer KB: 3114479\n ######################################################################\n installs = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\n if(!isnull(installs))\n {\n word_vwr_checks = make_array(\n \"11.0\", make_array(\"version\", \"11.0.8422.0\", \"kb\", \"3114479\")\n );\n if (hotfix_check_office_product(product:\"WordViewer\", display_name:\"Word Viewer\", checks:word_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n }\n\n ######################################################################\n # Excel Viewer KB: 3114433\n ######################################################################\n vwr_checks = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6739.5000\", \"kb\", \"3114433\")\n );\n if (hotfix_check_office_product(product:\"ExcelViewer\", display_name:\"Excel Viewer\", checks:vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n\n ######################################################################\n # Excel Compatibility pack KB: 3114431\n ######################################################################\n compat_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6739.5000\", \"kb\", \"3114431\")\n );\n if (hotfix_check_office_product(product:\"ExcelCnv\", display_name:\"Office Compatibility Pack SP3\", checks:compat_checks, bulletin:bulletin))\n vuln = TRUE;\n\n ######################################################################\n # Word Compatibility pack KB: 3114457\n ######################################################################\n installs = get_kb_list(\"SMB/Office/WordCnv/*/ProductPath\");\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"wordcnv.dll\", version:\"12.0.6740.5000\", kb: \"3114457\", bulletin:bulletin, min_version:\"12.0.0.0\", product:\"Microsoft Office Compatibility Pack\") == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\nperform_office_checks();\nperform_office_product_checks();\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
