This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.
The version of Microsoft Office installed on the remote Mac OS X host
is affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. A remote
attacker can exploit these vulnerabilities by convincing
a user to open a specially crafted Office file,
resulting in execution of arbitrary code in the context
of the current user. (CVE-2015-6038, CVE-2015-6094)
- A spoofing vulnerability exists in Microsoft Outlook for
Mac due to improper sanitization of HTML content. A
remote attacker can exploit this, via a crafted email,
to spoof content or to chain an attack to other
vulnerabilities in web services. (CVE-2015-6123)
See also :
Microsoft has released patches for Office for Mac 2011 and for Office
2016 for Mac.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true