MS16-148: Security Update for Microsoft Office (3204068) (macOS)

High Nessus Plugin ID 95810

Synopsis

An application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-7257)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application due to improper validation of updates. A local attacker can exploit this by placing a specially crafted application in a location used by the update application, resulting in the ability to execute arbitrary code in a privileged context.
(CVE-2016-7300)

Solution

Microsoft has released a set of patches for Microsoft Office for Mac 2011, Microsoft Office 2016 for Mac, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, Microsoft Word for Mac 2011, Microsoft Word 2016 for Mac, and Microsoft Auto Updater for Mac.

See Also

https://technet.microsoft.com/library/security/MS16-148

Plugin Details

Severity: High

ID: 95810

File Name: macosx_ms16-148_office.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 2016/12/14

Updated: 2019/11/13

Dependencies: 86383

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2016-7298

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word_for_mac, cpe:/a:microsoft:excel_for_mac, cpe:/a:microsoft:auto_updater_for_mac

Required KB Items: Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/12/13

Vulnerability Publication Date: 2016/12/13

Reference Information

CVE: CVE-2016-7257, CVE-2016-7263, CVE-2016-7264, CVE-2016-7266, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298, CVE-2016-7300

BID: 94662, 94668, 94670, 94671, 94672, 94720, 94755, 94769, 94784

MSFT: MS16-148

IAVA: 2016-A-0345

MSKB: 3198800, 3198808