Security Update for Microsoft Office (Jan 2019) (macOS)

high Nessus Plugin ID 121542

Synopsis

An application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.

Description

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. (CVE-2019-0585)

- An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker who successfully exploited this vulnerability could read arbitrary files from a targeted system. To exploit the vulnerability, an attacker could craft a special document file and convince the user to open it.
An attacker must know the file location whose data they wish to exfiltrate. The update addresses the vulnerability by changing the way certain Word functions handle security warnings.
(CVE-2019-0561)

Solution

Microsoft has released a set of patches for Microsoft Office for Mac.

See Also

http://www.nessus.org/u?e9b07569

http://www.nessus.org/u?1b3317ba

http://www.nessus.org/u?0dca17f3

Plugin Details

Severity: High

ID: 121542

File Name: macos_ms19_jan_office.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 2/1/2019

Updated: 10/31/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-0585

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x, cpe:/a:microsoft:office, cpe:/a:microsoft:excel_for_mac, cpe:/a:microsoft:word, cpe:/a:microsoft:excel, cpe:/a:microsoft:powerpoint, cpe:/a:microsoft:outlook, cpe:/a:microsoft:onenote

Required KB Items: Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/16/2019

Vulnerability Publication Date: 1/8/2019

Reference Information

CVE: CVE-2019-0561, CVE-2019-0585

BID: 106339, 106392