MS11-089 / MS11-094 / MS11-096 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2590602 / 2639142 / 2640241) (Mac OS X)

high Nessus Plugin ID 57286

Synopsis

An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.

Description

The remote Mac OS X host is running a version of Microsoft Office that is affected by the following vulnerabilities :

- A use-after-free vulnerability could be triggered when reading a specially crafted Word file. (CVE-2011-1983)

- A memory corruption vulnerability could be triggered when reading a specially crafted Excel file.
(CVE-2011-3403)

- A memory corruption vulnerability could be triggered when reading an invalid record in a specially crafted PowerPoint file. (CVE-2011-3413)

If a remote attacker can trick a user into opening a malicious file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.

Solution

Microsoft has released a patch for Office for Mac 2011, Office 2008 for Mac, and Office 2004 for Mac.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms11-089

http://technet.microsoft.com/en-us/security/bulletin/ms11-094

http://technet.microsoft.com/en-us/security/bulletin/ms11-096

Plugin Details

Severity: High

ID: 57286

File Name: macosx_ms_office_dec2011.nasl

Version: 1.21

Type: local

Agent: macosx

Published: 12/13/2011

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:office:2004::mac, cpe:/a:microsoft:office:2008::mac, cpe:/a:microsoft:office:2011::mac

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/13/2011

Vulnerability Publication Date: 12/13/2011

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-1983, CVE-2011-3403, CVE-2011-3413

BID: 50954, 50956, 50964

IAVA: 2011-A-0166

MSFT: MS11-089, MS11-094, MS11-096

MSKB: 2590602, 2639142, 2640241, 2644347, 2644354, 2644358