MS12-029 / MS12-030: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2680352 / 2663830) (Mac OS X)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.

Description :

The remote Mac OS X host is running a version of Microsoft Office that
is affected by the following vulnerabilities :

- A memory corruption vulnerability could be triggered
when parsing specially crafted RTF-formatted data.

- Several memory corruption vulnerabilities could be
triggered when reading a specially crafted Excel file.
(CVE-2012-0141 / CVE-2012-0142 / CVE-2012-0143 /

- A record parsing mismatch exists when opening a
specially crafted Excel file. (CVE-2012-1847)

If a remote attacker can trick a user into opening a malicious file
using the affected install, these vulnerabilities could be leveraged
to execute arbitrary code subject to the user's privileges.

See also :

Solution :

Microsoft has released patches for Office for Mac 2011 and Office 2008
for Mac.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 59046 ()

Bugtraq ID: 53342

CVE ID: CVE-2012-0141

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial