CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.6%
The Microsoft PowerPoint Products are missing a security update. It is, therefore, affected by the following vulnerability:
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(205595);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/16");
script_cve_id("CVE-2024-38171");
script_xref(name:"MSKB", value:"5002586");
script_xref(name:"MSFT", value:"MS24-5002586");
script_xref(name:"IAVA", value:"2024-A-0494");
script_name(english:"Security Updates for Microsoft PowerPoint Products (August 2024)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft PowerPoint Products are missing a security update.");
script_set_attribute(attribute:"description", value:
"The Microsoft PowerPoint Products are missing a security
update. It is, therefore, affected by the following
vulnerability:
- A remote code execution vulnerability. An attacker can
exploit this to bypass authentication and execute
unauthorized arbitrary commands. (CVE-2024-38171)");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5002586");
script_set_attribute(attribute:"solution", value:
"Microsoft has released KB5002586 to address this issue.
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic
updates are enabled or open any office app and manually perform an
update.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38171");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("office_installed.nasl", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('vcf_extras_office.inc');
var bulletin = 'MS24-08';
var kbs = make_list(
'5002586'
);
var severity = SECURITY_HOLE;
var constraints = [
{ 'kb':'5002586', 'channel':'MSI', 'fixed_version': '16.0.5461.1000', 'sp' : 0}
];
vcf::microsoft::office_product::check_version_and_report(
kbs:kbs,
constraints:constraints,
severity:severity,
bulletin:bulletin,
subproduct:'PowerPoint'
);
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
20.6%