Security Update for Microsoft Office (April 2017) (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote macOS or Mac OS X host is
affected by a spoofing vulnerability.

Description :

The Microsoft Office application installed on the remote macOS or Mac
OS X host is missing a security update. It is, therefore, affected by
a spoofing vulnerability in Microsoft Outlook due to improper
validation of input passed via HTML tags. An unauthenticated, remote
attacker can exploit this, by sending an email with specific HTML
tags, to display a malicious authentication prompt and gain access to
a user's authentication information or login credentials.

See also :

http://www.nessus.org/u?e6f0a227

Solution :

Microsoft has released a patch for Microsoft Outlook for Mac 2011.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 99313 ()

Bugtraq ID: 97463

CVE ID: CVE-2017-0207

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now