Microsoft Office Trust Access to VBA Project Model Object Enabled

high Nessus Plugin ID 123461

Synopsis

A Microsoft Office application installed on the remote host has trust access to VBA project model object enabled.

Description

A Microsoft Office application installed on the remote host has trust access to VBA project model object enabled.

Solution

Disable the trust access to VBA project model object.

Plugin Details

Severity: High

ID: 123461

File Name: smb_nt_trust_access_vba_project.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 3/28/2019

Updated: 5/16/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Tenable research analyzed the issue and assigned a score for it.

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible