This script is Copyright (C) 2017 Tenable Network Security, Inc.
An application installed on the remote Windows host is affected by
The Microsoft Office Online Server or Office Web Apps Server installed
on the remote Windows host is missing a security update. It is,
therefore, affected by multiple remote code execution vulnerabilities
in Microsoft Office software due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit these
vulnerabilities, by convincing a user to open a specially crafted
Office document, to execute arbitrary code in the context of the
See also :
Microsoft has released a set of patches for Microsoft Office Web Apps
Server 2013 and Office Online Server.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false