MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)

medium Nessus Plugin ID 22025

Synopsis

An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.

Description

The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run.

To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application.

Solution

Microsoft has released a set of patches for Office for Mac OS X.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms06-037

http://technet.microsoft.com/en-us/security/bulletin/ms06-038

Plugin Details

Severity: Medium

ID: 22025

File Name: macosx_ms_06-037.nasl

Version: 1.34

Type: local

Agent: macosx

Published: 7/11/2006

Updated: 7/24/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2006-3059

Vulnerability Information

CPE: cpe:/a:microsoft:office:2001:sr1:mac_os, cpe:/a:microsoft:office:2004::mac

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2006

Vulnerability Publication Date: 6/14/2006

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-1301, CVE-2006-1302, CVE-2006-1304, CVE-2006-1306, CVE-2006-1308, CVE-2006-1309, CVE-2006-1316, CVE-2006-1318, CVE-2006-1540, CVE-2006-2388, CVE-2006-2389, CVE-2006-3059

BID: 18422, 18853, 18885, 18886, 18888, 18889, 18890, 18910, 18911, 18912, 18938

CWE: 94

MSFT: MS06-037, MS06-038

MSKB: 917284, 917285