Vulnerabilities > CVE-2019-0953 - Unspecified vulnerability in Microsoft products

CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
critical
nessus

Summary

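A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. The CVSS 9.3 rating shown above uses CVSS v2 metrics (AV:N/AC:M/Au:N/C:C/I:C/A:C); the Nessus plugins listed below also carry a CVSS v3.0 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which reflects that a user must open the specially crafted file.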

Nessus

  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS19_MAY_OFFICE_WEB.NASL
    description: The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. (CVE-2019-0953)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130261
    published: 2019-10-25
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130261
    title: Security Updates for Microsoft Office Online Server Apps (May 2019)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    # Registration block: when `description` is set, declare the plugin's metadata
    # (identity, references, scoring, prerequisites) and exit before any host check runs.
    if (description)
    {
      script_id(130261);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/30 13:24:47");
    
      # References tying this check to the CVE and to the Microsoft update (KB4462169).
      script_cve_id("CVE-2019-0953");
      script_bugtraq_id(108211);
      script_xref(name:"MSKB", value:"4462169");
      script_xref(name:"MSFT", value:"MS19-4462169");
    
      script_name(english:"Security Updates for Microsoft Office Online Server Apps (May 2019)");
      script_summary(english:"Checks for Microsoft security updates.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Microsoft Office Online Server installation on the remote host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The Microsoft Office Online Server installation on the
    remote host is missing a security update. It is, therefore,
    affected by the following vulnerability:
    
      - A remote code execution vulnerability exists in
        Microsoft Word software when it fails to properly handle
        objects in memory. An attacker who successfully
        exploited the vulnerability could use a specially
        crafted file to perform actions in the security context
        of the current user. For example, the file could then
        take actions on behalf of the logged-on user with the
        same permissions as the current user.  (CVE-2019-0953)");
      # https://support.microsoft.com/en-us/help/4462169/description-of-the-security-update-for-office-online-server-may-14
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4bde1dbb");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released KB4462169 to address this issue.");
      # Scoring: the CVSS v2 vector is network-reachable (AV:N) with medium complexity,
      # while the v3.0 vector is local (AV:L) with user interaction required (UI:R).
      # Both describe the same condition stated above: a crafted file has to be processed
      # in a user's context. Use the v3.0 vector when weighing exposure.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven (E:U), official fix available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0953");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # The plugin was published (2019/10/25) several months after the patch (2019/05/14).
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
    
      # NOTE(review): "local" presumably marks a check that relies on data collected from the
      # host itself rather than on remote probing; the required keys below point that way.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_web_apps");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Plugins that must run first; presumably they populate the KB entries the check reads.
      script_dependencies("office_installed.nasl","microsoft_owa_installed.nbin","microsoft_office_compatibility_pack_installed.nbin","smb_hotfixes.nasl","ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      # NOTE(review): the list mixes SMB ports with a KB key name; presumably either SMB access
      # or patch-management data satisfies the requirement - confirm against the engine docs.
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      # Description mode ends here; the detection logic further down must not run.
      exit(0);
    }
    
    include('audit.inc');
    include('smb_func.inc');
    include('smb_hotfixes.inc');
    include('smb_hotfixes_fcheck.inc');
    include('smb_reg_query.inc');
    include('misc_func.inc');
    include('install_func.inc');
    
    # Detection logic for KB4462169 on Office Online Server.
    # Global names are kept as in the original because the included .inc libraries share
    # this script's global scope.
    
    # Stop unless an earlier plugin recorded that bulletin checks are possible on this host.
    get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
    
    bulletin = 'MS19-05';
    kbs = make_list('4462169');
    
    # With patch-management data in the KB, pass the KB list to the third-party hotfix check.
    if (get_kb_item('Host/patch_management_checks'))
    {
      hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    }
    
    # The file-version comparison below needs the registry enumeration to have succeeded.
    get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);
    
    port = kb_smb_transport();
    
    vuln = FALSE;
    
    # Look through detected Office Web Apps installs and keep the path and service pack
    # of the entry whose product is '2016' (if several match, the last one wins).
    owa_installs = get_installs(app_name:'Microsoft Office Web Apps');
    
    if (!empty_or_null(owa_installs))
    {
      foreach owa_install (owa_installs[1])
      {
        if (owa_install['Product'] != '2016')
          continue;
    
        oos_path = owa_install['path'];
        oos_sp = owa_install['SP'];
      }
    }
    
    ####################################################################
    # Office Online Server
    ####################################################################
    # Only an install at service pack '0' is examined: xlsrv.dll under ExcelServicesEcs\bin
    # is compared with the fixed build 16.0.10344.20001, and an older file marks the host
    # as missing the update.
    if (oos_path && !isnull(oos_sp) && oos_sp == '0')
    {
      path = hotfix_append_path(path:oos_path, value:"ExcelServicesEcs\bin");
      if (hotfix_check_fversion(file:'xlsrv.dll', version:'16.0.10344.20001', min_version:'16.0.0.0', path:path, kb:'4462169', product:'Office Online Server') == HCF_OLDER)
      {
        vuln = TRUE;
      }
    }
    
    # Report the outcome. Both branches close the file-check session; the order of calls
    # inside each branch is the same as before.
    if (!vuln)
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    else
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS19_MAY_WORD.NASL
    description: The Microsoft Word Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125072
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125072
    title: Security Updates for Microsoft Word Products (May 2019)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    include("compat.inc");
    
    # Registration block: when `description` is set, declare the plugin's metadata
    # (identity, references, scoring, prerequisites) and exit before any host check runs.
    if (description)
    {
      script_id(125072);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/30 13:24:47");
    
      # References tying this check to the CVE and to the Microsoft update (KB4464536).
      script_cve_id("CVE-2019-0953");
      script_xref(name:"MSKB", value:"4464536");
      script_xref(name:"MSFT", value:"MS19-4464536");
    
      script_name(english:"Security Updates for Microsoft Word Products (May 2019)");
      script_summary(english:"Checks for Microsoft security updates.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Microsoft Word Products are missing a security update.");
      script_set_attribute(attribute:"description", value:
    "The Microsoft Word Products are missing a security update. It is, therefore, affected by a remote code execution
    vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who
    successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context
    of the current user. For example, the file could then take actions on behalf of the logged-on user with the same
    permissions as the current user.");
      # https://support.microsoft.com/en-us/help/4464536/description-of-the-security-update-for-word-2016-may-14-2019
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77c5f6dd");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released KB4464536 to address this issue.");
      # Scoring: the CVSS v2 vector is network-reachable (AV:N) with medium complexity,
      # while the v3.0 vector is local (AV:L) with user interaction required (UI:R).
      # Both describe the same condition stated above: a crafted file has to be opened
      # in a user's context. Use the v3.0 vector when weighing exposure.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven (E:U), official fix available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0953");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      # NOTE(review): "local" presumably marks a check that relies on data collected from the
      # host itself rather than on remote probing; the required keys below point that way.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Windows : Microsoft Bulletins");
    
      # Plugins that must run first; presumably they populate the KB entries the check reads.
      script_dependencies("office_installed.nasl","smb_hotfixes.nasl","ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      # NOTE(review): the list mixes SMB ports with a KB key name; presumably either SMB access
      # or patch-management data satisfies the requirement - confirm against the engine docs.
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      # Description mode ends here; the detection logic further down must not run.
      exit(0);
    }
    
    include('audit.inc');
    include('smb_func.inc');
    include('smb_hotfixes.inc');
    include('smb_hotfixes_fcheck.inc');
    include('smb_reg_query.inc');
    include('install_func.inc');
    
    # Detection logic for KB4464536 on Microsoft Word.
    # Global names are kept as in the original because the included .inc libraries share
    # this script's global scope.
    
    # Stop unless an earlier plugin recorded that bulletin checks are possible on this host.
    get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');
    
    bulletin = 'MS19-05';
    kbs = make_list('4464536');
    
    # With patch-management data in the KB, pass the KB list to the third-party hotfix check.
    if (get_kb_item('Host/patch_management_checks'))
    {
      hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
    }
    
    # The product check below needs the registry enumeration to have succeeded.
    get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1);
    
    port = kb_smb_transport();
    
    # One rule for the '16.0' product line: sp 0, MSI channel, fixed build 16.0.4849.1000,
    # attributed to KB4464536. How the helper interprets each key is defined in the
    # hotfix library, not here.
    checks = make_array(
      '16.0', make_nested_list(
        make_array('sp', 0, 'version', '16.0.4849.1000', 'channel', 'MSI', 'kb', '4464536')
      )
    );
    
    # A true result from the helper is treated as "update missing". Both branches close the
    # file-check session; the order of calls inside each branch is the same as before.
    if (!hotfix_check_office_product(product:'Word', checks:checks, bulletin:bulletin))
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    else
    {
      replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_MS19_MAY_OFFICE.NASL
    description: The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft Word software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary commands.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125165
    published: 2019-05-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125165
    title: Security Update for Microsoft Office (May 2019) (macOS)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set, declare the plugin's metadata
    # (identity, references, scoring, prerequisites) and exit before any host check runs.
    if (description)
    {
      script_id(125165);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id("CVE-2019-0953");
    
      script_name(english:"Security Update for Microsoft Office (May 2019) (macOS)");
      script_summary(english:"Checks the version of Microsoft Office.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote macOS or Mac OS X host is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is,
    therefore, affected by a remote code execution vulnerability in the Microsoft Word software due to improper handling of
    objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially
    crafted file, to execute arbitrary commands.
    ");
      # https://docs.microsoft.com/en-us/officeupdates/release-notes-office-2016-mac#may-2019-release
      script_set_attribute(attribute:"see_also",value:"http://www.nessus.org/u?6914a7b5");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Microsoft Office for Mac.");
      # Scoring: the CVSS v2 vector is network-reachable (AV:N) with medium complexity,
      # while the v3.0 vector is local (AV:L) with user interaction required (UI:R).
      # Both describe the same condition stated above: a user must be convinced to open
      # a crafted file. Use the v3.0 vector when weighing exposure.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      # Temporal metrics: exploitability unproven (E:U), official fix available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-0953");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # NOTE(review): other plugins for CVE-2019-0953 record 2019/05/14 as the vulnerability
      # and patch date; confirm whether 2019/05/16 is intended here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/16");
    
      # NOTE(review): "local" presumably marks a check that relies on data collected from the
      # host itself rather than on remote probing; the required keys below point that way.
      script_set_attribute(attribute:"plugin_type",value:"local");
      # CPE entries: the operating system plus each Office application this plugin covers.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:excel");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:word");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:outlook");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:onenote");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The Office detection plugin must run first; presumably it records the installs read below.
      script_dependencies("macosx_office_installed.nbin");
      script_require_keys("Host/MacOSX/Version");
      # NOTE(review): KB key names are passed where ports are expected; presumably any one of
      # these installed_sw entries is enough for the plugin to run - confirm against the engine docs.
      script_require_ports(
        "installed_sw/Microsoft Word",
        "installed_sw/Microsoft Excel",
        "installed_sw/Microsoft PowerPoint",
        "installed_sw/Microsoft OneNote",
        "installed_sw/Microsoft Outlook"
      );
    
      # Description mode ends here; the detection logic further down must not run.
      exit(0);
    }
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    include("vcf.inc");
    
    # Version check for Office for Mac 2016 and 2019 applications.
    # Global names are kept as in the original because the included .inc libraries share
    # this script's global scope.
    
    # The macOS version string gates the check and is reused for the upgrade note at the end.
    os = get_kb_item_or_exit("Host/MacOSX/Version");
    
    # Applications whose recorded installs are examined.
    apps = make_list("Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint", "Microsoft OneNote", "Microsoft Outlook");
    
    # Office 2019 for Mac: lower bound of the branch, fixed version, and the build shown in the report.
    min_ver_19 = '16.17.0';
    fix_ver_19 = '16.25';
    fix_disp_19 = '16.25 (19051201)';
    
    # Office 2016 for Mac: same three values for the older branch.
    min_ver_16 = '16';
    fix_ver_16 = '16.16.10';
    fix_disp_16 = '16.16.10 (19051200)';
    
    report = '';
    
    foreach app (apps)
    {
      installs = get_installs(app_name:app);
    
      # Only applications with at least one recorded install are inspected.
      if (!isnull(installs[1]))
      {
        foreach install (installs[1])
        {
          version = install['version'];
    
          # A negative ver_compare() result is treated as "older than the fix". The 2019
          # branch is tried first, then the 2016 branch; an install matching neither adds
          # nothing to the report.
          if (ver_compare(ver:version, minver:min_ver_19, fix:fix_ver_19, strict:FALSE) < 0)
          {
            app_label = app + ' for Mac 2019';
            report +=
              '\n\n  Product           : ' + app_label +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : ' + fix_disp_19;
          }
          else if (ver_compare(ver:version, minver:min_ver_16, fix:fix_ver_16, strict:FALSE) < 0)
          {
            app_label = app + ' for Mac 2016';
            report +=
              '\n\n  Product           : ' + app_label +
              '\n  Installed version : ' + version +
              '\n  Fixed version     : ' + fix_disp_16;
          }
        }
      }
    }
    
    # Nothing outdated was found: record the host as not affected.
    if (empty(report))
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    
    # Hosts whose version string matches Mac OS X 10.0 through 10.9 get a note that the
    # update requires a newer operating system.
    if (os =~ "^Mac OS X 10\.[0-9](\.|$)")
    {
      report += '\n  Note              : Update will require Mac OS X 10.10.0 or later.\n';
    }
    
    security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);