This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.
The remote Mac OS X host has a version of Microsoft Word installed
that is affected by multiple vulnerabilities :
- A cross-site scripting vulnerability exists due to
improper sanitization of HTML strings. A remote attacker
can exploit this issue by convincing a user to open a
file or visit a website containing specially crafted
content, resulting in execution of arbitrary code in the
context of the current user. (CVE-2015-1639)
- A remote code execution vulnerability exists due to
improper handling rich text format files in memory. A
remote attacker can exploit this vulnerability by
convincing a user to open a specially crafted file using
the affected software, resulting in execution of
arbitrary code in the context of the current user.
See also :
Microsoft has released a patch for Office for Mac 2011.
Risk factor :
High / CVSS Base Score : 9.3