MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)

Medium Nessus Plugin ID 22025


An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.


The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application.


Microsoft has released a set of patches for Office for Mac OS X.

See Also

Plugin Details

Severity: Medium

ID: 22025

File Name: macosx_ms_06-037.nasl

Version: 1.27

Type: local

Agent: macosx

Published: 2006/07/11

Modified: 2017/08/30

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.1

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office:2001:sr1:mac_os, cpe:/a:microsoft:office:2004::mac

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/07/11

Vulnerability Publication Date: 2006/06/14

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-1301, CVE-2006-1302, CVE-2006-1304, CVE-2006-1306, CVE-2006-1308, CVE-2006-1309, CVE-2006-2388, CVE-2006-3059, CVE-2006-1316, CVE-2006-1318, CVE-2006-1540, CVE-2006-2389

BID: 18422, 18853, 18885, 18886, 18888, 18889, 18890, 18910, 18911, 18912, 18938

OSVDB: 24595, 26527, 27148, 27149, 27150, 28532, 28533, 28534, 28535, 28536, 28537, 28538

MSFT: MS06-037, MS06-038

MSKB: 917284, 917285

CWE: 94