MS12-029 / MS12-030: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2680352 / 2663830) (Mac OS X)
High Nessus Plugin ID 59046
SynopsisAn application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.
DescriptionThe remote Mac OS X host is running a version of Microsoft Office that is affected by the following vulnerabilities :
- A memory corruption vulnerability could be triggered when parsing specially crafted RTF-formatted data.
- Several memory corruption vulnerabilities could be triggered when reading a specially crafted Excel file.
(CVE-2012-0141 / CVE-2012-0142 / CVE-2012-0143 / CVE-2012-0184)
- A record parsing mismatch exists when opening a specially crafted Excel file. (CVE-2012-1847)
If a remote attacker can trick a user into opening a malicious file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.
SolutionMicrosoft has released patches for Office for Mac 2011 and Office 2008 for Mac.