MS14-081: Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301) (Mac OS X)

high Nessus Plugin ID 79829

Language:

Synopsis

An application installed on the remote Mac OS X host is affected by a remote code execution vulnerability.

Description

The remote Mac OS X host is running a version of Microsoft Word that is affected by a remote code execution vulnerability due to Microsoft Word improperly handling objects in memory. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user.

Solution

Microsoft has released a patch for Office for Mac 2011.

See Also

https://technet.microsoft.com/library/security/ms14-081

Plugin Details

Severity: High

ID: 79829

File Name: macosx_ms14-081.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 12/9/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office:2011::mac

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/9/2014

Vulnerability Publication Date: 12/9/2014

Reference Information

CVE: CVE-2014-6357

BID: 71469

MSFT: MS14-081

IAVA: 2014-A-0190

MSKB: 3018888