This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through Microsoft
The remote Mac OS X host is running a version of Microsoft Office that
is affected by the following vulnerabilities :
- A memory corruption vulnerability could be triggered
when parsing specially crafted RTF-formatted data.
- Several memory corruption vulnerabilities could be
triggered when reading a specially crafted Excel file.
(CVE-2012-0141 / CVE-2012-0142 / CVE-2012-0143 /
- A record parsing mismatch exists when opening a
specially crafted Excel file. (CVE-2012-1847)
If a remote attacker can trick a user into opening a malicious file
using the affected install, these vulnerabilities could be leveraged
to execute arbitrary code subject to the user's privileges.
See also :
Microsoft has released patches for Office for Mac 2011 and Office 2008
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true