Vulnerabilities > CVE-2018-8587 - Unspecified vulnerability in Microsoft Office and Office 365 Proplus

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
microsoft
nessus

Summary

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS18_DEC_OUTLOOK.NASL
descriptionThe Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2018-8587)
last seen2020-06-01
modified2020-06-02
plugin id119598
published2018-12-11
reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/119598
titleSecurity Updates for Outlook (December 2018)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include("compat.inc");

if (description)
{
  script_id(119598);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/01");

  script_cve_id("CVE-2018-8587");
  script_xref(name:"MSKB", value:"4461576");
  script_xref(name:"MSKB", value:"4461556");
  script_xref(name:"MSKB", value:"4461544");
  script_xref(name:"MSFT", value:"MS18-4461576");
  script_xref(name:"MSFT", value:"MS18-4461556");
  script_xref(name:"MSFT", value:"MS18-4461544");

  script_name(english:"Security Updates for Outlook (December 2018)");
  script_summary(english:"Checks for Microsoft security updates.");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Outlook application installed on the remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Outlook application installed on the remote
host is missing a security update. It is, therefore,
affected by the following vulnerability :

  - A remote code execution vulnerability exists in
    Microsoft Outlook software when it fails to properly
    handle objects in memory. An attacker who successfully
    exploited the vulnerability could use a specially
    crafted file to perform actions in the security context
    of the current user. For example, the file could then
    take actions on behalf of the logged-on user with the
    same permissions as the current user.  (CVE-2018-8587)");
  # https://support.microsoft.com/en-us/help/4461576/descriptionofthesecurityupdateforoutlook2010december112018
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e27ba9e0");
  # https://support.microsoft.com/en-us/help/4461556/descriptionofthesecurityupdateforoutlook2013december112018
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc7b87af");
  # https://support.microsoft.com/en-us/help/4461544/descriptionofthesecurityupdateforoutlook2016december112018
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9a841a4");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:  
  -KB4461576
  -KB4461556
  -KB4461544");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8587");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("install_func.inc");

global_var vuln;

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = "MS18-12";
kbs = make_list(
'4461576',
'4461556',
'4461544'
);

if (get_kb_item("Host/patch_management_checks"))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated", exit_code:1);

port = kb_smb_transport();

checks = make_array(
  "14.0", make_array("version", "14.0.7226.5000", "kb", "4461576"),
  "15.0", make_array("version", "15.0.5093.1000", "kb", "4461556"),
  "16.0", make_nested_list(
    make_array("sp", 0, "version", "16.0.4783.1000", "channel", "MSI", "kb", "4461544"),
    # C2R
    make_array("sp", 0, "version", "16.0.8431.2351", "channel", "Deferred"),
    make_array("sp", 0, "version", "16.0.9126.2336", "channel", "Deferred", "channel_version", "1803"),
    make_array("sp", 0, "version", "16.0.10730.20262", "channel", "First Release for Deferred"),
    make_array("sp", 0, "version", "16.0.11029.20108", "channel", "Current"),
    # 2019
    make_array("sp", 0, "version", "16.0.11029.20108", "channel", "2019 Retail"),
    make_array("sp", 0, "version", "16.0.10339.20026", "channel", "2019 Volume")
  )
  );

if (hotfix_check_office_product(product:"Outlook", checks:checks, bulletin:bulletin))
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}