Vulnerabilities > CVE-2019-1331 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS19_OCT_OFFICE_WEB.NASL description The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. last seen 2020-03-18 modified 2019-10-15 plugin id 129885 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129885 title Security Updates for Microsoft Office Online Server (October 2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include('compat.inc'); if (description) { script_id(129885); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value: "2020/03/13"); script_cve_id("CVE-2019-1331"); script_xref(name:"MSKB", value:"4475595"); script_xref(name:"MSFT", value:"MS19-4475595"); script_name(english:"Security Updates for Microsoft Office Online Server (October 2019)"); script_set_attribute(attribute:"synopsis", value: "The Microsoft Office Online Server installation on the remote host is missing a security update."); script_set_attribute(attribute:"description", value: "The Microsoft Office Online Server installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."); # https://support.microsoft.com/en-us/help/4475595/security-update-for-office-online-server-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3089fa2a"); script_set_attribute(attribute:"solution", value: "Upgrade to the latest version of Office Online Server and apply the KB4475595 patch to address this issue."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1331"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office_online_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("office_installed.nasl", "microsoft_owa_installed.nbin", "microsoft_office_compatibility_pack_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include('audit.inc'); include('smb_func.inc'); include('smb_hotfixes.inc'); include('smb_hotfixes_fcheck.inc'); include('smb_reg_query.inc'); include('misc_func.inc'); include('install_func.inc'); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS19-10'; kbs = make_list('4475595'); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1); port = kb_smb_transport(); # Get installs of Office Web Apps owa_installs = get_installs(app_name:'Microsoft Office Web Apps'); if (!empty_or_null(owa_installs)) { foreach owa_install (owa_installs[1]) { if (owa_install['Product'] == '2016') { oos_path = owa_install['path']; oos_sp = owa_install['SP']; } } } vuln = FALSE; #################################################################### # Office Online Server #################################################################### if (oos_path && (!isnull(oos_sp) && oos_sp == '0')) { path = hotfix_append_path(path:oos_path, value:"ExcelServicesEcs\bin"); if (hotfix_check_fversion(file:'xlsrv.dll', version:'16.0.10351.20000', min_version:'16.0.0.0', path:path, kb:'4475595', product:'Office Online Server') == HCF_OLDER) vuln = TRUE; } if (vuln) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS19_OCT_OFFICE.NASL description The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1327, CVE-2019-1331) last seen 2020-06-01 modified 2020-06-02 plugin id 129730 published 2019-10-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129730 title Security Updates for Microsoft Office Products (October 2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include('compat.inc'); if (description) { script_id(129730); script_version("1.9"); script_cvs_date("Date: 2020/01/30"); script_cve_id("CVE-2019-1327", "CVE-2019-1331"); script_xref(name:"MSKB", value:"4475558"); script_xref(name:"MSKB", value:"4475554"); script_xref(name:"MSKB", value:"4475569"); script_xref(name:"MSFT", value:"MS19-4475558"); script_xref(name:"MSFT", value:"MS19-4475554"); script_xref(name:"MSFT", value:"MS19-4475569"); script_name(english:"Security Updates for Microsoft Office Products (October 2019)"); script_set_attribute(attribute:"synopsis", value: "The Microsoft Office Products are affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1327, CVE-2019-1331)"); # https://support.microsoft.com/en-us/help/4475558/security-update-for-office-2013-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b215d1b"); # https://support.microsoft.com/en-us/help/4475554/description-of-the-security-update-for-office-2016-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?477338a6"); # https://support.microsoft.com/en-us/help/4475569/security-update-for-office-2010-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1cf3228a"); script_set_attribute(attribute:"solution", value: "Microsoft has released the following security updates to address this issue: -KB4475558 -KB4475554 -KB4475569 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1331"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("office_installed.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include('audit.inc'); include('smb_func.inc'); include('smb_hotfixes.inc'); include('smb_hotfixes_fcheck.inc'); include('smb_reg_query.inc'); include('misc_func.inc'); include('install_func.inc'); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS19-10'; kbs = make_list( '4475558', '4475554', '4475569' ); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1); vuln = FALSE; port = kb_smb_transport(); office_vers = hotfix_check_office_version(); # Office 2010 SP2 if (office_vers['14.0']) { office_sp = get_kb_item('SMB/Office/2010/SP'); if (!isnull(office_sp) && office_sp == 2) { prod = 'Microsoft Office 2010 SP2'; path = hotfix_get_officeprogramfilesdir(officever:'14.0'); path = hotfix_append_path(path:path, value:'Microsoft Office\\Office14'); kb = '4475569'; file = 'graph.exe'; version = '14.0.7239.5000'; if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER) vuln = TRUE; } } # Office 2013 SP1 if (office_vers['15.0']) { office_sp = get_kb_item('SMB/Office/2013/SP'); if (!isnull(office_sp) && office_sp == 1) { prod = 'Microsoft Office 2013 SP1'; path = hotfix_get_officeprogramfilesdir(officever:'15.0'); path = hotfix_append_path(path:path, value:'Microsoft Office\\Office15'); kb = '4475558'; file = 'graph.exe'; version = '15.0.5179.1000'; if (hotfix_check_fversion(file:file, version:version, path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ) vuln = TRUE; } } # Office 2016 if (office_vers['16.0']) { office_sp = get_kb_item('SMB/Office/2016/SP'); if (!isnull(office_sp) && office_sp == 0) { prod = 'Microsoft Office 2016'; path = hotfix_get_officeprogramfilesdir(officever:'16.0'); path = hotfix_append_path(path:path, value:'Microsoft Office\\root\\Office16'); # MSI graph.exe if (hotfix_check_fversion(file:'graph.exe', version:'16.0.4912.1000', channel:'MSI', channel_product:'Office', path:path, kb:'4475554', bulletin:bulletin, product:prod) == HCF_OLDER) vuln = TRUE; path = hotfix_get_officecommonfilesdir(officever:'16.0'); prod2019 = 'Microsoft Office 2019'; mso_dll_path = hotfix_append_path(path:path, value:'Microsoft Shared\\Office16'); c2r_path = mso_dll_path; if ( hotfix_check_fversion(file:"mso.dll", version:"16.0.10730.20386", channel:"Deferred", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod) == HCF_OLDER || hotfix_check_fversion(file:"mso.dll", version:"16.0.11328.20438", channel:"Deferred", channel_version:"1902", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod) == HCF_OLDER || hotfix_check_fversion(file:"mso.dll", version:"16.0.11929.20396", channel:"First Release for Deferred", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod) == HCF_OLDER || hotfix_check_fversion(file:"mso.dll", version:"16.0.12026.20320", channel:"Current", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod) == HCF_OLDER || # 2019 hotfix_check_fversion(file:"mso.dll", version:"16.0.12026.20320", channel:"2019 Retail", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod2019) == HCF_OLDER || hotfix_check_fversion(file:"mso.dll", version:"16.0.10351.20054", channel:"2019 Volume", channel_product:"Office", path:c2r_path, bulletin:bulletin, product:prod2019) == HCF_OLDER ) vuln = TRUE; } } if (vuln) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS19_OCT_OFFICE_SHAREPOINT.NASL description The Microsoft SharePoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim last seen 2020-06-01 modified 2020-06-02 plugin id 129731 published 2019-10-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129731 title Security Updates for Microsoft SharePoint Server (Oct 2019) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(129731); script_version("1.4"); script_cvs_date("Date: 2019/10/31 15:18:52"); script_cve_id( "CVE-2019-1070", "CVE-2019-1328", "CVE-2019-1329", "CVE-2019-1330", "CVE-2019-1331" ); script_xref(name:"MSKB", value:"4462176"); script_xref(name:"MSKB", value:"4462215"); script_xref(name:"MSKB", value:"4475608"); script_xref(name:"MSKB", value:"4484111"); script_xref(name:"MSKB", value:"4484110"); script_xref(name:"MSKB", value:"4484122"); script_xref(name:"MSKB", value:"4484131"); script_xref(name:"MSFT", value:"MS19-4462176"); script_xref(name:"MSFT", value:"MS19-4462215"); script_xref(name:"MSFT", value:"MS19-4475608"); script_xref(name:"MSFT", value:"MS19-4484110"); script_xref(name:"MSFT", value:"MS19-4484111"); script_xref(name:"MSFT", value:"MS19-4484122"); script_xref(name:"MSFT", value:"MS19-4484131"); script_xref(name:"IAVA", value:"2019-A-0359"); script_name(english:"Security Updates for Microsoft SharePoint Server (Oct 2019)"); script_summary(english:"Checks for Microsoft security updates."); script_set_attribute(attribute:"synopsis", value: "The Microsoft SharePoint Server installation on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The Microsoft SharePoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2019-1070) - A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross- site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2019-1328) - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2019-1329) - An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. (CVE-2019-1330) - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1331)"); # https://support.microsoft.com/en-us/help/4475608/security-update-for-sharepoint-enterprise-server-2013-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?73c5cc63"); # https://support.microsoft.com/en-us/help/4462176/security-update-for-sharepoint-server-2010-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?707ff09a"); # https://support.microsoft.com/en-us/help/4484122/security-update-for-sharepoint-foundation-2013-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9af99b6"); # https://support.microsoft.com/en-us/help/4462215/security-update-for-sharepoint-enterprise-server-2013-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd9d4866"); # https://support.microsoft.com/en-us/help/4484111/security-update-for-sharepoint-enterprise-server-2016 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6fc6eac4"); # https://support.microsoft.com/en-us/help/4484110/security-update-for-sharepoint-server-2019-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9b7b956"); # https://support.microsoft.com/en-us/help/4484131/security-update-for-sharepoint-foundation-2010-october-8-2019 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cade65c4"); script_set_attribute(attribute:"solution", value: "Microsoft has released the following security updates to address this issue: -KB4462176 -KB4462215 -KB4475608 -KB4484110 -KB4484111 -KB4484122 -KB4484131"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1331"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sharepoint"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("microsoft_sharepoint_installed.nbin", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include('smb_func.inc'); include('smb_hotfixes.inc'); include('smb_hotfixes_fcheck.inc'); include('smb_reg_query.inc'); include('misc_func.inc'); include('install_func.inc'); include('lists.inc'); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS19-10'; kbs = make_list( '4484131', # 2010 Foundation '4462176', # 2010 '4484122', # 2013 Foundation '4475608', # 2013 Foundation '4462215', # 2013 Server '4484111', # 2016 Server '4484110' # 2019 Server ); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit('SMB/Registry/Enumerated', exit_code:1); # Get path information for Windows. windir = hotfix_get_systemroot(); if (isnull(windir)) exit(1, 'Failed to determine the location of %windir%.'); registry_init(); vuln = FALSE; port = kb_smb_transport(); install = get_single_install(app_name:'Microsoft SharePoint Server'); # direct reference lookup of product... kb_checks = { '2010': # direct reference lookup of SP... { '2': {'Server': [{ 'kb': '4462176', 'path': install['path'], 'append':'bin', 'file':'xlsrv.dll', 'version':'14.0.7239.5000', 'min_version':'14.0.0.0', 'product_name':'Microsoft SharePoint Enterprise Server 2010 SP2' }], # direct reference lookup of edition... 'Foundation': [{ 'kb': '4484131', 'path': hotfix_get_commonfilesdir(), 'append':'microsoft shared\\web server extensions\\14\\bin', 'file':'onetutil.dll', 'version':'14.0.7237.5000', 'version':'14.0.7239.5000', 'min_version':'14.0.0.0', 'product_name':'Microsoft SharePoint Foundation Server 2010 SP2' }] } }, '2013': # direct reference lookup of SP... { '1': # direct reference lookup of edition... {'Server': [{ 'kb': '4462215', 'path': install['path'], 'append':'bin', 'file':'xlsrv.dll', 'version':'15.0.5179.1000', 'min_version':'15.0.0.0', 'product_name':'Microsoft SharePoint Enterprise Server 2013 SP1' }, { 'kb': '4475608', 'path': install['path'], 'append':'transformapps', 'file':'docxpageconverter.exe', 'version':'15.0.5179.1000', 'min_version':'15.0.0.0', 'product_name':'Microsoft SharePoint Enterprise Server 2013 SP1' }], 'Foundation': [{ 'kb': '4484122', 'path': hotfix_get_commonfilesdir(), 'append':'microsoft shared\\web server extensions\\15\\bin', 'file':'csisrv.dll', 'version':'15.0.5111.1000', 'min_version':'15.0.0.0', 'product_name':'Microsoft SharePoint Foundation Server 2013 SP1' }] } }, '2016': # direct reference lookup of SP... { '0': # direct reference lookup of edition... {'Server': [{ 'kb': '4484111', 'path': install['path'], 'append':'webservices\\conversionservices', 'file':'msoserver.dll', 'version':'16.0.4912.1000', 'min_version':'16.0.0.0', 'product_name':'Microsoft SharePoint Enterprise Server 2016' }] } }, '2019': # direct reference lookup of SP... { '0': # direct reference lookup of edition... {'Server': [{ 'kb': '4484110', 'path': install['path'], 'append':'bin', 'file':'microsoft.sharepoint.publishing.dll', 'version':'16.0.10351.20000', 'min_version':'16.0.10000.0', 'product_name':'Microsoft SharePoint Server 2019' }] } } }; # get the specific product / path param_list = kb_checks[install['Product']][install['SP']][install['Edition']]; # audit if not affected if(isnull(param_list)) audit(AUDIT_INST_VER_NOT_VULN, "Microsoft SharePoint Server"); vuln = FALSE; xss = FALSE; # grab the path otherwise foreach check (param_list) { path = hotfix_append_path(path:check['path'], value:check['append']); are_we_vuln = hotfix_check_fversion(file:check['file'], version:check['version'], path:path, kb:check['kb'], product:check['product_name']); if (are_we_vuln == HCF_OLDER) { if (check['kb'] != '4484122' ) xss = TRUE; vuln = TRUE; } } if (vuln == TRUE) { replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); if (xss) replace_kb_item(name:'www/'+port+'/XSS', value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS19_OCT_EXCEL.NASL description The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1327, CVE-2019-1331) last seen 2020-06-01 modified 2020-06-02 plugin id 129727 published 2019-10-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129727 title Security Updates for Microsoft Excel Products (October 2019)