MS15-081: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3072620) (Mac OS X)

High Nessus Plugin ID 85349

Synopsis

An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.

Description

The remote Mac OS X host has a version of Microsoft Office installed that is affected by multiple remote code execution vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2468, CVE-2015-2469, CVE-2015-2477)

- A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2470)

Solution

Microsoft has released a patch for Office for Mac 2011.

See Also

https://technet.microsoft.com/library/security/ms15-081

Plugin Details

Severity: High

ID: 85349

File Name: macosx_ms15-081_office_2011.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 2015/08/12

Updated: 2018/08/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsoft:office:2011:mac, cpe:/a:microsoft:office:2016:mac

Patch Publication Date: 2015/08/11

Vulnerability Publication Date: 2015/08/11

Reference Information

CVE: CVE-2015-2468, CVE-2015-2469, CVE-2015-2470, CVE-2015-2477

BID: 76206, 76212, 76214, 76219

MSFT: MS15-081

IAVA: 2015-A-0194

MSKB: 3081349