The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in     Microsoft Excel software when the software fails to     properly handle objects in memory. An attacker who     successfully exploited the vulnerability could run     arbitrary code in the context of the current user. If     the current user is logged on with administrative user     rights, an attacker could take control of the affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2018-8147, CVE-2018-8148)

  - An information disclosure vulnerability exists in     Outlook when a message is opened. This vulnerability     could potentially result in the disclosure of sensitive     information to a malicious site.  (CVE-2018-8160)

  - A remote code execution vulnerability exists in     Microsoft Office software when the software fails to     properly handle objects in memory. An attacker who     successfully exploited the vulnerability could run     arbitrary code in the context of the current user. If     the current user is logged on with administrative user     rights, an attacker could take control of the affected     system. An attacker could then install programs; view,     change, or delete data; or create new accounts with full     user rights.  (CVE-2018-8157, CVE-2018-8158,     CVE-2018-8161)

  - A remote code execution vulnerability exists in     Microsoft InfoPath when the software fails to properly     handle objects in memory. An attacker who successfully     exploited the vulnerability could run arbitrary code in     the context of the current user. If the current user is     logged on with administrative user rights, an attacker     could take control of the affected system. An attacker     could then install programs; view, change, or delete     data; or create new accounts with full user rights.
    (CVE-2018-8173)

  - A security feature bypass vulnerability exists when the     Microsoft Outlook attachment block filter does not     properly handle attachments. An attacker who successfully     exploited the vulnerability could execute arbitrary     commands. The security feature bypass by itself does not     allow arbitrary code execution. (CVE-2018-8150)

Detections

Analytics

Security Updates for Microsoft Office Products (May 2018)

high Nessus Plugin ID 109614

Version 1.7