Detections
Analytics
MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)
high Nessus Plugin ID 22539
Synopsis
An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.Description
The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Word, Excel, PowerPoint or another Office application.
Solution
Microsoft has released a set of patches for Office for Mac OS X.See Also
http://technet.microsoft.com/en-us/security/bulletin/ms06-058
http://technet.microsoft.com/en-us/security/bulletin/ms06-059
http://technet.microsoft.com/en-us/security/bulletin/ms06-060
http://technet.microsoft.com/en-us/security/bulletin/ms06-062
Plugin Details
Severity: High
ID: 22539
File Name: macosx_ms_office_oct2006.nasl
Version: 1.28
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 10/11/2006
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2006-4694
Vulnerability Information
CPE: cpe:/a:microsoft:office:2001:sr1:mac_os, cpe:/a:microsoft:office:2004::mac
Required KB Items: Host/MacOSX/packages
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/10/2006
Vulnerability Publication Date: 7/3/2006
Reference Information
CVE: CVE-2006-2387, CVE-2006-3431, CVE-2006-3434, CVE-2006-3647, CVE-2006-3650, CVE-2006-3864, CVE-2006-3867, CVE-2006-3875, CVE-2006-3876, CVE-2006-3877, CVE-2006-4693, CVE-2006-4694
BID: 18872, 20226, 20322, 20325, 20341, 20344, 20345, 20382, 20383, 20384, 20391