Apple Pages < 2.1 / 5.1 Microsoft Word Document Handling Double Free Arbitrary Code Execution

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

An application on the remote host could allow arbitrary code
execution.

Description :

According to its self-reported version number, the Apple Pages install
on the remote Mac OS X host reportedly has a double-free issue in its
handling of Microsoft Word documents that could lead to unexpected
program termination or arbitrary code execution.

See also :

http://support.apple.com/kb/HT6117

Solution :

Upgrade to Apple Pages 2.1 / 5.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 72281 ()

Bugtraq ID: 65113

CVE ID: CVE-2014-1252