Security Update for Microsoft Office Web Apps Server / Office Online Server (June 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The Microsoft Office Online Server or Office Web Apps Server installed
on the remote Windows host is missing a security update. It is,
therefore, affected by multiple remote code execution vulnerabilities
in Microsoft Office software due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit these
vulnerabilities, by convincing a user to open a specially crafted
Office document, to execute arbitrary code in the context of the
current user.

See also :

Solution :

Microsoft has released a set of patches for Microsoft Office Web Apps
Server 2013 and Office Online Server.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 100783 ()

Bugtraq ID: 98812

CVE ID: CVE-2017-8509

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now