Security Update for Microsoft Office Web Apps Server / Office Online Server (June 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The Microsoft Office Online Server or Office Web Apps Server installed
on the remote Windows host is missing a security update. It is,
therefore, affected by multiple remote code execution vulnerabilities
in Microsoft Office software due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit these
vulnerabilities, by convincing a user to open a specially crafted
Office document, to execute arbitrary code in the context of the
current user.

See also :

http://www.nessus.org/u?0a087079
http://www.nessus.org/u?844cbbef
http://www.nessus.org/u?9d99be37

Solution :

Microsoft has released a set of patches for Microsoft Office Web Apps
Server 2013 and Office Online Server.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 100783 ()

Bugtraq ID: 98812
98815
98816

CVE ID: CVE-2017-8509
CVE-2017-8511
CVE-2017-8512

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now