Security Updates for Microsoft Office Viewer Products (September 2018)

High Nessus Plugin ID 117422

Synopsis

The Microsoft Office Viewer Products are missing a security update.

Description

The Microsoft Office Viewer Products are missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could access information previously deleted from the active worksheet. (CVE-2018-8429)

Solution

Microsoft has released KB4092467 to address this issue.

See Also

http://www.nessus.org/u?c4c6ce94

Plugin Details

Severity: High

ID: 117422

File Name: smb_nt_ms18_sep_excel_viewer.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/09/11

Modified: 2018/09/17

Dependencies: 57033, 27524, 93232, 13855

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSSv2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

CVSSv3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:excel_viewer

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 2018/09/11

Vulnerability Publication Date: 2018/09/11

Reference Information

CVE: CVE-2018-8429

MSKB: 4092467

MSFT: MS18-4092467

IAVA: 2018-A-0291