CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%
The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities in Microsoft Office due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to open a specially crafted Office document, to execute arbitrary code in the context of the current user.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(100758);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/17");
script_cve_id("CVE-2017-8509", "CVE-2017-8511", "CVE-2017-8545");
script_bugtraq_id(98812, 98815, 98917);
script_xref(name:"MSKB", value:"3212223");
script_xref(name:"MSFT", value:"MS17-3212223");
script_xref(name:"IAVA", value:"2017-A-0179-S");
script_name(english:"Security Update for Microsoft Office (June 2017) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote macOS or Mac OS X host is
affected by multiple remote code execution vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Microsoft Office application installed on the remote macOS or Mac
OS X host is missing a security update. It is, therefore, affected by
multiple remote code execution vulnerabilities in Microsoft Office due
to improper handling of objects in memory. An unauthenticated, remote
attacker can exploit these vulnerabilities, by convincing a user to
open a specially crafted Office document, to execute arbitrary code in
the context of the current user.");
# https://support.microsoft.com/en-us/help/3212223/description-of-the-security-update-for-office-for-mac-2011-14-7-5-june
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8fbc6de6");
# https://support.office.com/en-us/article/Release-notes-for-Office-2016-for-Mac-ed2da564-6d53-4542-9954-7e3209681a41
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?68489292");
# https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8509
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?069ce460");
# https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8511
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b685de7b");
script_set_attribute(attribute:"solution", value:
"Microsoft has released patches for Microsoft Office for Mac 2011 and
Microsoft Office 2016 for Mac.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8511");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/13");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word_for_mac");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_office_installed.nbin");
script_require_keys("Host/MacOSX/Version");
script_require_ports("installed_sw/Office for Mac 2011", "installed_sw/Microsoft Outlook", "installed_sw/Microsoft Word", "installed_sw/Microsoft PowerPoint");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
# Office 2011
apps = make_list(
"Office for Mac 2011",
"Microsoft Word",
"Microsoft PowerPoint"
);
report = "";
foreach app (apps)
{
installs = get_installs(app_name:app);
if (isnull(installs[1])) continue;
foreach install (installs[1])
{
version = install['version'];
path = install['path'];
app_label = app;
app_lower = tolower(app);
fix = NULL;
fix_disp = NULL;
# only word and powerpoint are affected
if (app_lower !~ "word" && app_lower !~ "powerpoint") continue;
if (version =~ "^14\.")
{
if (app !~ " for Mac 2011$") app_label += " for Mac 2011";
fix = '14.7.5';
}
else
{
if (version =~ "^15\.") app_label += " for Mac 2016";
fix = '15.35.0';
fix_disp = '15.35 (17061000)';
}
if (fix && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Product : ' + app_label +
'\n Installed version : ' + version;
if (!empty_or_null(fix_disp))
{
report += '\n Fixed version : ' + fix_disp;
fix_disp = '';
}
else report += '\n Fixed version : ' + fix;
os = get_kb_item("Host/MacOSX/Version");
if (os =~ "^Mac OS X 10\.[0-9](\.|$)" && app_label =~ " for Mac 2016$")
report += '\n Note : Update will require Mac OS X 10.10.0 or later.\n';
else report += '\n';
}
}
}
# Report findings.
if (!empty(report))
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
else
audit(AUDIT_HOST_NOT, "affected");
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%