MS11-089 / MS11-094 / MS11-096 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2590602 / 2639142 / 2640241) (Mac OS X)

High Nessus Plugin ID 57286

Synopsis

An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.

Description

The remote Mac OS X host is running a version of Microsoft Office that is affected by the following vulnerabilities :

- A use-after-free vulnerability could be triggered when reading a specially crafted Word file. (CVE-2011-1983)

- A memory corruption vulnerability could be triggered when reading a specially crafted Excel file.
(CVE-2011-3403)

- A memory corruption vulnerability could be triggered when reading an invalid record in a specially crafted PowerPoint file. (CVE-2011-3413)

If a remote attacker can trick a user into opening a malicious file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.

Solution

Microsoft has released a patch for Office for Mac 2011, Office 2008 for Mac, and Office 2004 for Mac.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms11-089

http://technet.microsoft.com/en-us/security/bulletin/ms11-094

http://technet.microsoft.com/en-us/security/bulletin/ms11-096

Plugin Details

Severity: High

ID: 57286

File Name: macosx_ms_office_dec2011.nasl

Version: 1.18

Type: local

Agent: macosx

Published: 2011/12/13

Updated: 2018/07/14

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office:2004::mac, cpe:/a:microsoft:office:2008::mac, cpe:/a:microsoft:office:2011::mac

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/13

Vulnerability Publication Date: 2011/12/13

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-1983, CVE-2011-3403, CVE-2011-3413

BID: 50954, 50956, 50964

MSFT: MS11-089, MS11-094, MS11-096

IAVA: 2011-A-0166

MSKB: 2590602, 2639142, 2640241, 2644347, 2644354, 2644358