MS16-148: Security Update for Microsoft Office (3204068) (macOS)

high Nessus Plugin ID 95810
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

An application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-7257)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application due to improper validation of updates. A local attacker can exploit this by placing a specially crafted application in a location used by the update application, resulting in the ability to execute arbitrary code in a privileged context.
(CVE-2016-7300)

Solution

Microsoft has released a set of patches for Microsoft Office for Mac 2011, Microsoft Office 2016 for Mac, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, Microsoft Word for Mac 2011, Microsoft Word 2016 for Mac, and Microsoft Auto Updater for Mac.

See Also

https://technet.microsoft.com/library/security/MS16-148

Plugin Details

Severity: High

ID: 95810

File Name: macosx_ms16-148_office.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 12/14/2016

Updated: 11/13/2019

Dependencies: macosx_office_installed.nbin

Risk Information

CVSS Score Source: CVE-2016-7298

VPR

Risk Factor: High

Score: 8.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:office, cpe:/a:microsoft:word_for_mac, cpe:/a:microsoft:excel_for_mac, cpe:/a:microsoft:auto_updater_for_mac

Required KB Items: Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/13/2016

Vulnerability Publication Date: 12/13/2016

Reference Information

CVE: CVE-2016-7257, CVE-2016-7263, CVE-2016-7264, CVE-2016-7266, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298, CVE-2016-7300

BID: 94662, 94668, 94670, 94671, 94672, 94720, 94755, 94769, 94784

MSFT: MS16-148

IAVA: 2016-A-0345

MSKB: 3198800, 3198808