New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 8.9
SynopsisAn application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.
DescriptionThe remote Mac OS X host is running a version of Microsoft Office that is affected by the following vulnerabilities :
- A use-after-free vulnerability could be triggered when reading a specially crafted Word file. (CVE-2011-1983)
- A memory corruption vulnerability could be triggered when reading a specially crafted Excel file.
- A memory corruption vulnerability could be triggered when reading an invalid record in a specially crafted PowerPoint file. (CVE-2011-3413)
If a remote attacker can trick a user into opening a malicious file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.
SolutionMicrosoft has released a patch for Office for Mac 2011, Office 2008 for Mac, and Office 2004 for Mac.