Security Updates for Microsoft Office Web Apps (November 2017)

critical Nessus Plugin ID 104560

Synopsis

The Microsoft Office Web Apps installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

Solution

Microsoft has released the following security updates to address this issue:
-KB4011271
-KB4011247

See Also

http://www.nessus.org/u?60113b23

http://www.nessus.org/u?557afc84

Plugin Details

Severity: Critical

ID: 104560

File Name: smb_nt_ms17_nov_office_web.nasl

Version: 1.3

Type: local

Agent: windows

Published: 11/14/2017

Updated: 5/7/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Based on the vendor advisory.

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:office_web_apps

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 11/14/2017

Vulnerability Publication Date: 11/14/2017

Reference Information

MSFT: MS17-4011247, MS17-4011271

MSKB: 4011247, 4011271