MS11-089 / MS11-094 / MS11-096 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2590602 / 2639142 / 2640241) (Mac OS X)
High Nessus Plugin ID 57286
SynopsisAn application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.
DescriptionThe remote Mac OS X host is running a version of Microsoft Office that is affected by the following vulnerabilities :
- A use-after-free vulnerability could be triggered when reading a specially crafted Word file. (CVE-2011-1983)
- A memory corruption vulnerability could be triggered when reading a specially crafted Excel file.
- A memory corruption vulnerability could be triggered when reading an invalid record in a specially crafted PowerPoint file. (CVE-2011-3413)
If a remote attacker can trick a user into opening a malicious file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.
SolutionMicrosoft has released a patch for Office for Mac 2011, Office 2008 for Mac, and Office 2004 for Mac.