Detections
Analytics
MS11-036 / MS11-045: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2545814 / 2537146) (Mac OS X)
high Nessus Plugin ID 55135
Language:
Synopsis
An application installed on the remote Mac OS X host is affected by multiple remote code execution vulnerabilities.Description
The remote Mac OS X host has a version of Microsoft Office that is affected by multiple vulnerabilities that could lead to arbitrary code execution.If a remote attacker can trick a user into opening a malicious PowerPoint or Excel file using the affected install, these vulnerabilities could be leveraged to execute arbitrary code subject to the user's privileges.
Solution
Microsoft has released a set of patches for Office for Mac 2011, Office 2008 for Mac, Office 2004 for Mac, and Open XML File Format Converter for Mac.See Also
http://technet.microsoft.com/en-us/security/bulletin/ms11-036
http://technet.microsoft.com/en-us/security/bulletin/ms11-045
Plugin Details
Severity: High
ID: 55135
File Name: macosx_ms_office_jun2011.nasl
Version: 1.26
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 6/15/2011
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:microsoft:office:2004::mac, cpe:/a:microsoft:office:2008::mac, cpe:/a:microsoft:office:2011::mac, cpe:/a:microsoft:open_xml_file_format_converter:::mac
Required KB Items: Host/uname, Host/MacOSX/packages
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/14/2011
Vulnerability Publication Date: 5/10/2011
Exploitable With
Core Impact
Reference Information
CVE: CVE-2011-1269, CVE-2011-1270, CVE-2011-1272, CVE-2011-1273, CVE-2011-1274, CVE-2011-1275, CVE-2011-1276, CVE-2011-1277, CVE-2011-1278, CVE-2011-1279
BID: 47699, 47700, 48157, 48158, 48159, 48160, 48161, 48162, 48163, 48164