Untrusted Microsoft Office Macro Execution Enabled

high Nessus Plugin ID 123459

Synopsis

A Microsoft Office application installed on the remote host has untrusted macro execution settings enabled.

Description

A Microsoft Office application installed on the remote host has untrusted macro execution settings enabled.

Note: This plugin first checks to verify that there are any Microsoft Office products actually installed. If there are, it will enumerate the registry keys that are set when an Office application allows the execution of untrusted macros. In some in edge cases, the registry settings that allow the execution of untrusted macros may still be present and set, even if there are no installed Microsoft Office products. In this scenario, this plugin will require paranoid mode to check these registry keys.

Solution

Disable the macro execution trust settings.

See Also

http://www.nessus.org/u?6b8542dc

http://www.nessus.org/u?308194e9

Plugin Details

Severity: High

ID: 123459

File Name: smb_nt_office_macro_enabled.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 3/28/2019

Updated: 10/18/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Tenable research analyzed the issue and assigned a score for it.

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible