MS13-026: Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682) (Mac OS X)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Outlook for Mac install has an information disclosure
vulnerability.

Description :

The remote Mac OS X host is running a version of Microsoft Outlook
that allows content from a remote server to be loaded without user
interaction when a user previews or opens a specially crafted HTML
email message. This could allow an attacker to verify that an account
is actively used and that the email had been viewed.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms13-026

Solution :

Microsoft has released patches for Office for Mac 2011 and Office 2008
for Mac.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 65217 ()

Bugtraq ID: 58333

CVE ID: CVE-2013-0095