Security Update for Microsoft Office Web Apps Server / Office Online Server (June 2017)
High Nessus Plugin ID 100783
SynopsisAn application installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe Microsoft Office Online Server or Office Web Apps Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to open a specially crafted Office document, to execute arbitrary code in the context of the current user.
SolutionMicrosoft has released a set of patches for Microsoft Office Web Apps Server 2013 and Office Online Server.