Advisory overview Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 46 vulnerabilities that were fixed in 16 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a, or by trying. Vulnerability details Microsoft has released 16 security bulletins to fix newly discovered flaws in their software.
Qualys has released the following checks for these new vulnerabilities:. Microsoft OLE Automation Remote Code Execution Vulnerability (MS11-038) Severity Urgent 5 Qualys ID 90709 Vendor Reference CVE Reference CVSS Scores Base 9.3 / Temporal 6.9 Description Microsoft Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application. A remote code execution vulnerability exists in OLE Automation. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. These new vulnerability checks are included in Qualys vulnerability signature 1.28.137-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available.
To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab. Selective Scan Instructions Using Qualys To perform a selective vulnerability scan, configure a scan profile to use the following options:.
Ensure access to TCP ports 135 and 139 are available. Enable Windows Authentication (specify Authentication Records). Enable the following Qualys IDs:. 90709. 90712. 90705.
90708. 90706. 90707.
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2;. Microsoft Excel 2002 SP3 Microsoft Excel 2003 SP3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Open XML File Format Converter for Mac: Vulnerability Description: A remote code execution vulnerability has been identified in Microsoft Excel. Microsoft Excel is a popular spreadsheet application. Office 2004 install I've used every version of Office MS has produced and before that Word, Excel etc in whatever form MS had available. I have Office 2004 (and many of its predecessors) installed on my eMac. I just bought a MacBook Pro which comes with a test version of Office 2004.
90710. 100103. 100102.
90713. 118896. 90717. 90714.
90711. 90715. 119076. If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available. If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab. Access for Qualys Customers. Technical Support For more information, customers may contact. About Qualys The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.
Cve-2011-1278 : Microsoft Excel 2002 Sp3 And Office 2004 For Mac Free
Vuln ID Summary CVSS Severity Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka 'Microsoft Office Control Vulnerability.' Published: September 19, 2014; 06:55:03 AM -04:00 V2: Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka 'Record Memory Corruption Vulnerability.'