A logging library running on the remote host has multiple vulnerabilities.

According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

- Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

- Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (CVE-2020-9488)

- JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accesseed by the attacker.
(CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.

Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.1 (CVSS:3.0/E:F/RL:O/RC:C)

6.7

0.4904

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

7.4 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2022/01/19, Modified: 2024/06/13

Path : C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Installed version : 1.2.17

An unsupported version of Apache Log4j is installed on the remote host.

According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.

Upgrade to a version of Apache Log4j that is currently supported.

Critical

10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published: 2023/09/29, Modified: 2023/11/02

Path : C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Installed version : 1.2.17
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5066586

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.2

0.0824

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

6.2 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/10/14, Modified: 2025/11/18

The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7671
Should be : 10.0.17763.7919

An application installed on the remote host is affected by multiple vulnerabilities.

The Microsoft Office application or Microsoft Office Services and Web Apps installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass of security restrictions and the execution of arbitrary commands. (CVE-2016-7262)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to a failure to properly handle objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7263, CVE-2016-7277, CVE-2016-7289, CVE-2016-7298)

- Multiple information disclosure vulnerabilities exist in Microsoft Office software due to an out-of-bounds memory read error. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7264, CVE-2016-7265, CVE-2016-7268, CVE-2016-7276, CVE-2016-7290, CVE-2016-7291)

- An arbitrary command execution vulnerability exists in Microsoft Office due to improper validation of registry settings when running embedded content. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted document file multiple times, resulting in a bypass of security restrictions and the execution of arbitrary commands.
(CVE-2016-7266)

- A security bypass vulnerability exists in Microsoft Office due to improper parsing of file formats. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in a bypass security restrictions.
(CVE-2016-7267)

- An elevation of privilege vulnerability exists in Microsoft Office due to improper validation before loading libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2016-7275)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010; Microsoft Publisher 2010 Office Compatibility Pack; Excel Viewer; Word Viewer; Microsoft SharePoint Server 2007 and 2010; and Office Web Apps 2010.

High

9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

9.2 (CVSS:3.0/E:H/RL:O/RC:C)

9.8

0.8709

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/12/14, Modified: 2023/04/25

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4471.1000

The remote Windows host is affected by a security feature bypass vulnerability.

The version of ASP.NET Core installed on the remote Windows host is 8.0.x prior to 8.0.21, 9.0.x prior to 9.0.10, or 10.0.0-rc.1.25451.107. It is, therefore, affected by a security feature bypass vulnerability.
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later.

High

9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)

10.0

0.0004

8.7 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P)

I

Published: 2025/10/17, Modified: 2025/10/17

Path : C:\Program Files (x86)\dotnet\shared\Microsoft.AspNetCore.App\8.0.11
Installed version : 8.0.11
Fixed version : 8.0.21

Path : C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App\8.0.11
Installed version : 8.0.11
Fixed version : 8.0.21

The Microsoft Excel Products are missing a security update.

The Microsoft Excel Products are missing a security update.
It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0901)

Microsoft has released the following security updates to address this issue:
-KB4484365
-KB4484384
-KB4484338

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

High

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.4586

7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

5.5 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2020/05/12, Modified: 2022/06/10

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5005.1000

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4993.1001

The Microsoft Office Products are affected by multiple vulnerabilities.

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities:

- An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. (CVE-2019-1084)

- A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents. (CVE-2019-1109)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.(CVE-2019-1111)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory.
An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.
To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it.
An attacker must know the memory address location where the object was created. (CVE-2019-1112) The update addresses the vulnerability by changing the way certain Excel functions handle objects in memory.

Microsoft has released the following security updates to address this issue:
-KB4462224
-KB4464558
-KB4464543
-KB4018375
-KB4475514
-KB4464534
-KB4461539

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

High

9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

7.9 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.2706

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2019/07/09, Modified: 2022/06/10

Product : Microsoft Office 2016
KB : 4464534
- C:\Program Files\Microsoft Office\Office16\osf.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

Product : Microsoft Office 2016
KB : 4475514
- C:\Program Files\Common Files\Microsoft Shared\Office16\mso99lwin32client.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

Product : Microsoft Office 2016
KB : 4461539
- C:\Program Files\Microsoft Office\Office16\graph.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4873.1000

The Microsoft Office Products are affected by multiple vulnerabilities.

The Microsoft Office Products are missing security updates.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.
(CVE-2019-1402)

- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1448)

- A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.
(CVE-2019-1449)

- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data. (CVE-2019-1446)

Microsoft has released the following security updates to address this issue:
-KB4484152
-KB4484160
-KB4484148
-KB4484127
-KB4484113
-KB4484119

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.3802

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

Published: 2019/11/12, Modified: 2022/06/10

Product : Microsoft Office 2016
KB : 4484148
- C:\Program Files\Microsoft Office\Office16\graph.exe has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4927.1000

Product : Microsoft Office 2016
KB : 4484113
- C:\Program Files\Common Files\Microsoft Shared\Office16\acecore.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4927.1000

The Microsoft SQL Server installation on the remote host is missing a security update.

The Microsoft SQL Server installation on the remote host is missing a security update. It is affected by the following vulnerabilities:

- An elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue, to gain elevated privileges. (CVE-2024-37341, CVE-2024-37965, CVE-2024-37980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released security updates for Microsoft SQL Server.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

8.5 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.076

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/09/12, Modified: 2025/01/08

KB : 5042214
- C:\Program Files\Microsoft SQL Server\MSSQL15.SAFETICA\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.2000.5
Should be : 2019.150.2120.1

SQL Server Version : 15.0.2000.5 Standard Edition
SQL Server Instance : SAFETICA

The Microsoft Word Products are missing a security update.

The Microsoft Word Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.

Microsoft has released the following security updates to address this issue:
-KB5002316
-KB5002323

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.6

0.9115

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/02/14, Modified: 2023/05/11

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5383.1000

The Microsoft Word Products are missing a security update.

The Microsoft Word Products are missing a security update. It is, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft has released the following security updates to address this issue:
-KB5002406
-KB5002411

Critical

9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

8.3 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0105

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2023/07/11, Modified: 2023/08/11

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5404.1000

The Microsoft Outlook application installed on the remote host is missing a security update.

The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.

Microsoft has released the following security updates to address this issue:
-KB5002265
-KB5002254

For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

Critical

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

9.4 (CVSS:3.0/E:H/RL:O/RC:C)

9.8

0.9364

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.7 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2023/03/14, Modified: 2023/06/16

Product : Outlook 2016
- C:\Program Files\Microsoft Office\Office16\Outlook.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.5387.1000

A package installed on the remote host is affected by a remote code execution vulnerability.

The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.

Medium

7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:F/RL:O/RC:C)

6.7

0.722

6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

5.0 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2021/12/15, Modified: 2024/06/13

Path : C:\Program Files\Microsoft SQL Server\150\DTS\Extensions\Common\Jars\log4j-1.2.17.jar
Installed version : 1.2.17
Fixed version : 2.16.0

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5065428

Critical

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.7 (CVSS:3.0/E:U/RL:O/RC:C)

8.1

0.0073

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

7.4 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2025/09/09, Modified: 2025/10/29

The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7671
Should be : 10.0.17763.7786

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5068791

Critical

7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

6.5 (CVSS:3.0/E:F/RL:O/RC:C)

8.4

0.0009

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/11/11, Modified: 2025/11/14

The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7671
Should be : 10.0.17763.8024

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Apply Security Update 5071544

Critical

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

8.1

0.0821

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

I

Published: 2025/12/09, Modified: 2025/12/17

The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7671
Should be : 10.0.17763.8146

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, PowerPoint, Visio, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Word Web Apps, or Microsoft Office Web Apps installed that is affected by multiple remote code execution vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-1642, CVE-2015-2467, CVE-2015-2468, CVE-2015-2469, CVE-2015-2477)

- An information disclosure vulnerability exists when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
(CVE-2015-2423)

- A remote code execution vulnerability exists due a failure to properly validate templates. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted template file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2466)

- A remote code execution vulnerability exists when Office decreases an integer value beyond its intended minimum value. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2470)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2010, SharePoint Server 2013, Microsoft Office Compatibility Pack, Microsoft Word Web Apps 2010, and Microsoft Office Web Apps 2013.

High

8.9

0.7288

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2015/08/12, Modified: 2023/02/16

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, Microsoft Office Web Apps, and/or Microsoft SharePoint Foundation installed that is affected by one or more of the following vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2520, CVE-2015-2521, CVE-2015-2523)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of user-supplied web requests. A remote attacker can exploit this vulnerability, via a specially crafted web request, to execute arbitrary script code in the context of the current user. (CVE-2015-2522)

- A remote code execution vulnerability exists in Microsoft Office due to improper handling of malformed graphics images. A remote attacker can exploit this vulnerability by convincing a user to open a file or visit a website containing a specially crafted EPS image binary, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2545)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, SharePoint Server 2013, Microsoft Office Compatibility Pack, and Microsoft Office Web Apps 2013.

High

9.6

0.9345

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Core Impact (true)

Published: 2015/09/09, Modified: 2022/03/08

Product : Microsoft Office 2016
KB : 3085635
- C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\epsimp32.flt has not been patched.
Remote version : 2012.1600.4266.1001
Should be : 2012.1600.4300.1002

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Excel, Excel Viewer, SharePoint Server, Microsoft Office Compatibility Pack, or Microsoft Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-2555, CVE-2015-2557, CVE-2015-2558)

- An information disclosure vulnerability exists in the SharePoint InfoPath Forms Services due to improper parsing of document type definitions (DTD) in XML files.
A remote attacker can exploit this, via a crafted XML file, to browse the contents of arbitrary files on a SharePoint server. (CVE-2015-2556)

- A cross-site scripting vulnerability exists in Office Web Apps Server due to improper sanitization of crafted requests before returning it to the user. A remote attacker can exploit this to run arbitrary script code in the user's browser session. (CVE-2015-6037)

- A security feature bypass vulnerability exists in SharePoint due to improper enforcement of permission levels for applications or users. This allows Office Marketplace to inject JavaScript code that will persist in a SharePoint page. A remote attacker can exploit this to conduct a cross-site scripting attack, resulting in execution of arbitrary code in the user's browser session. (CVE-2015-6039)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Microsoft Office Compatibility Pack SP3; Microsoft Excel Viewer; and Microsoft Office Web Apps 2010, 2013.

High

6.7

0.4303

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

Published: 2015/10/13, Modified: 2018/07/30

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4288.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Access, Excel, InfoPath, OneNote, PowerPoint, Project, Publisher, Visio, Word, Excel Viewer, Word Viewer, SharePoint Server, Office Compatibility Pack, Office Web Apps, Skype for Business, or Lync installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in execution of arbitrary code in the context of the current user. (CVE-2015-6038, CVE-2015-6091, CVE-2015-6092, CVE-2015-6093, CVE-2015-6094)

- An elevation of privilege vulnerability exists when an attacker instantiates an affected Office application via a COM control. An attacker who successfully exploits this vulnerability can gain elevated privileges and break out of the Internet Explorer sandbox.
(CVE-2015-2503)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016; SharePoint Server 2007, 2010, 2013; Office Compatibility Pack, Excel Viewer, Word Viewer, Office Web Apps 2010 and 2013, and Lync 2013 and 2016.

High

8.9

0.4348

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2015/11/10, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : OneNote 2016
- C:\Program Files\Microsoft Office\Office16\OneNote.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : PowerPoint 2016
- C:\Program Files\Microsoft Office\Office16\ppcore.dll has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

Product : Publisher 2016
- C:\Program Files\Microsoft Office\Office16\Mspub.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4300.1001

The remote Windows host is affected by multiple remote code execution vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, or Microsoft Office Compatibility Pack installed that is affected by multiple remote code execution vulnerabilities :

- Multiple memory corruption issues exist due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in an affected version of Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6040, CVE-2015-6118, CVE-2015-6122, CVE-2015-6124, CVE-2015-6177)

- A remote code execution vulnerability exists due to improper parsing of email messages. A remote attacker can exploit this vulnerability by convincing a user to open or preview a specially crafted email message, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-6172)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, and Microsoft Office Compatibility Pack.

High

8.9

0.3755

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

I

Published: 2015/12/08, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4312.1001

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint, Visual Basic, or Microsoft Office Compatibility Pack installed that is affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities exist in Microsoft SharePoint due to improper enforcement of Access Control Policy (ACP) configuration settings. A remote attacker can exploit these vulnerabilities, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2015-6117, CVE-2016-0011)

- Multiple remote code execution vulnerabilities exist in Microsoft Office due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in execution of arbitrary code in the context of the current user. (CVE-2016-0010, CVE-2016-0035)

- An information disclosure vulnerability exists in Microsoft Office due to a failure to use the Address Space Layout Randomization (ASLR) security feature. An attacker can exploit this to predict memory offsets of specific instructions in a call stack. (CVE-2016-0012)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, 2016, Word, Word Viewer, Excel, Excel Viewer, PowerPoint, Visio, SharePoint Server 2013, SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Visual Basic 6.0 Runtime.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.5962

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2016/01/12, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4324.1001

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4324.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Word, Word Viewer, Excel, Excel Viewer, SharePoint, Microsoft Office Compatibility Pack, or Office Web Apps installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0022, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2015-0056)

- A cross-site scripting vulnerability exists in SharePoint due to improper sanitization of specially crafted web requests. An authenticated, remote attacker can exploit this, via a specially crafted web request, to execute arbitrary script code in a user's browser session. (CVE-2016-0039)

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Word, Word Viewer, Excel, Excel Viewer; SharePoint Server 2007, 2010, and 2013; SharePoint Foundation 2013, Microsoft Office Compatibility Pack, and Office Web Apps.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.3152

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/02/09, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4339.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4339.1000

The remote Windows host is affected by multiple vulnerabilities.

The remote Windows host has a version of Microsoft Office, Office Compatibility Pack, Office Web Apps, Microsoft SharePoint, Microsoft Word, or Word Viewer installed that is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An attacker can exploit these, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-0021, CVE-2016-0134)

- A security feature bypass vulnerability exists in Microsoft Office software due to an improperly signed binary file. An attacker with write access to the target host can exploit this, by overwriting the file with a malicious binary with a similar configuration, to execute arbitrary code. (CVE-2016-0057).

Microsoft has released a set of patches for Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft InfoPath 2007, 2010 and 2013; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; SharePoint Server 2010 and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.4

0.4852

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/03/08, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4351.1001

An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.

The version of Microsoft Office installed on the remote Windows host is affected by multiple remote code execution vulnerabilities due to improper handling of objects in memory. A remote attacker can exploit these issues by convincing a user to open a specially crafted file in Microsoft Office, resulting in the execution of arbitrary code in the context of the current user.

Microsoft has released a set of patches for Microsoft Office 2010;
Microsoft Word 2007, 2010, 2013, and 2013 RT; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Excel Viewer; SharePoint Server 2007, 2010, and 2013; Microsoft Office Compatibility Pack; and Office Web Apps 2010 and 2013.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.4064

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/04/12, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4366.1000

An application installed on the remote Windows host is affected by multiple remote code execution vulnerabilities.

The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0126, CVE-2016-0140, CVE-2016-0198)

- A remote code execution vulnerability exists in the Windows Font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this by convincing a user to visit a specially crafted website or open a specially crafted file, resulting in the execution arbitrary code in the context of the current user. (CVE-2016-0183)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Word Viewer; Microsoft Office Compatibility Pack;
Office Web Apps 2010; and Microsoft SharePoint Server 2010.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

8.9

0.4037

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2016/05/10, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4378.1001

An application installed on the remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in Microsoft Office :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to open a specially crafted file or visit a website that hosts such a file, resulting in the execution of arbitrary code in the context of the user.
(CVE-2016-0025, CVE-2016-3233)

- A flaw exists due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in the disclosure of potentially sensitive information. (CVE-2016-3234)

- A flaw exists due to improper validation of input before loading OLE library files. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2016-3235)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007 and 2010; Microsoft Visio 2007, 2010, 2013, and 2016; Visio Viewer 2007 and 2010; Word Viewer;
Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013;
Microsoft SharePoint Server 2010 and 2013; and Office Online Server.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.8116

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Metasploit (true)

Published: 2016/06/15, Modified: 2023/04/25

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4393.1000

An application installed on the remote Windows host is affected by multiple vulnerabilities.

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3278, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284)

- A remote code execution vulnerability exists in Microsoft Office software due to improper handling of XLA files. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted XLA file in Office, resulting in the execution of arbitrary code in the context of the current user.
(CVE-2016-3279)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010, 2013, and 2013 RT; Excel Viewer; Word Viewer; Microsoft Office Compatibility Pack; Office Web Apps 2010 and 2013; Microsoft SharePoint Server 2010, 2013 and 2016; Microsoft SharePoint Foundation 2010 and 2013; and Office Online Server.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.5459

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2016/07/12, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4405.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4405.1000

Product : Outlook 2016
- C:\Program Files\Microsoft Office\Office16\Outlook.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4405.1000

An application installed on the remote Windows host is affected by multiple vulnerabilities.

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these issues, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2016-3313, CVE-2016-3316, CVE-2016-3317, CVE-2016-3318)

- An information disclosure vulnerability exists in Microsoft OneNote due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted OneNote file, to disclose sensitive memory contents.
(CVE-2016-3315)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft OneNote 2007, 2010, 2013, 2013 RT, and 2016;
Microsoft Outlook 2007, 2010, 2013, and 2016; and Word Viewer.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.5027

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/08/10, Modified: 2023/02/17

Product : Microsoft Office 2016
KB : 3115415
- C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4417.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4417.1000

Product : OneNote 2016
- C:\Program Files\Microsoft Office\Office16\OneNote.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4405.1000

Product : Outlook 2016
- C:\Program Files\Microsoft Office\Office16\Outlook.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4417.1000

An application installed on the remote host is affected by multiple vulnerabilities.

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the the Click-to-Run (C2R) components due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to obtain sensitive information and thereby bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2016-0137)

- An information disclosure vulnerability exists due to Visual Basic macros improperly exporting a user's private key from the certificate store while saving a document.
An unauthenticated, remote attacker can exploit this, by convincing a user to provide the saved document, to gain access to the user's private key. (CVE-2016-0141)

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. A remote attacker can exploit these, by convincing a user to open a specially crafted Office file, to execute arbitrary code in the context of the current user. (CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016-3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3381)

- A spoofing vulnerability exists in Microsoft Outlook due to a failure to conform to RFC2046 and properly identify the end of a MIME attachment. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted email attachment, to cause antivirus or antispam security features to fail. (CVE-2016-3366)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2007, 2010, 2013, and 2013 RT;
Microsoft Outlook 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Visio 2016; Office Compatibility Pack; Excel Viewer; PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2007, 2010, and 2013; Office Web Apps 2010 and 2013; and Office Online Server.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.3241

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

7.3 (CVSS2#E:POC/RL:OF/RC:C)

II

Published: 2016/09/14, Modified: 2023/02/17

Product : Microsoft Office 2016
KB : 3118292
- C:\Program Files\Common Files\Microsoft Shared\Office16\mso.dll has not been patched.
Remote version : 16.0.4266.1001
Should be : 16.0.4432.1000

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4432.1003

Product : Outlook 2016
- C:\Program Files\Microsoft Office\Office16\Outlook.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4432.1001

An application installed on the remote host is affected by a remote code execution vulnerability.

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to improper handling of RTF files. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user.

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Word 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Office Compatibility Pack; Microsoft Word Viewer; Microsoft SharePoint Server 2010 and 2013; Microsoft Office Web Apps 2010 and 2013; and Office Online Server.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

8.9

0.712

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/10/12, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4444.1003

An application installed on the remote host is affected by multiple vulnerabilities.

The Microsoft Office application installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these by convincing a user to visit a specially crafted website or open a specially crafted Office file, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7245)

- An information disclosure vulnerability exists due to an out-of-bounds read error caused by an uninitialized variable. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted Office file, resulting in the disclosure of memory contents. (CVE-2016-7233)

- A denial of service vulnerability exists due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, resulting in a crash of the application. (CVE-2016-7244)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, 2013 RT, and 2016; Microsoft Excel 2007, 2010, 2013, 2013 RT, and 2016; Microsoft PowerPoint 2010; Microsoft Word 2007, 2010, 2013, and 2013 RT; Office Compatibility Pack; Excel Viewer;
PowerPoint Viewer; Word Viewer; Microsoft SharePoint Server 2010 and 2013; and Office Web Apps 2010 and 2013

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.5 (CVSS:3.0/E:H/RL:O/RC:C)

9.7

0.4835

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

8.1 (CVSS2#E:H/RL:OF/RC:C)

II

Published: 2016/11/08, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4456.1003

An application installed on the remote host is affected by a remote code execution vulnerability.

The version of Microsoft Word or Microsoft SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by a memory corruption issue due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office file, to execute arbitrary code in the context of the current user.

Microsoft has released a set of patches for Microsoft Word 2016 and SharePoint Server 2016

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

5.9

0.3361

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2017/01/10, Modified: 2023/02/17

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4483.1000

An application installed on the remote host is affected by multiple vulnerabilities.

The Microsoft Office application, Office Web Apps, or SharePoint Server installed on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- Multiple remote code execution vulnerabilities exist in Microsoft Office software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted document file, to execute arbitrary code in the context of the current user. (CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, CVE-2017-0053)

- An information disclosure vulnerability exists in Microsoft Office due to improper disclosure of memory contents. An unauthenticated, remote attacker can exploit this to disclose sensitive system memory information by convincing a user to open a specially crafted document file. (CVE-2017-0027)

- A denial of service vulnerability exists in Microsoft Office that allows an unauthenticated, remote attacker to cause Office to stop responding by convincing a user to open a specially crafted document file.
(CVE-2017-0029)

- An out-of-bounds read error exists in Microsoft Office due to an uninitialized variable. A local attacker can exploit this to disclose memory contents by opening a specially crafted document file. (CVE-2017-0105)

- A cross-site scripting (XSS) vulnerability exists in Microsoft SharePoint Server due to improper validation of input before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-0107)

Microsoft has released a set of patches for Microsoft Office 2007, 2010, 2013, and 2016; Microsoft Excel 2007, 2010, 2013, and 2016;
Microsoft Word 2007, 2010, 2013, and 2016; Microsoft Office Compatibility Pack; Microsoft Excel Viewer; Microsoft Word Viewer;
Microsoft SharePoint Server 2007, 2010, and 2013; Microsoft SharePoint Foundation 2013; and Microsoft Office Web Apps Server 2010 and 2013.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

6.8 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.4318

9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

6.9 (CVSS2#E:U/RL:OF/RC:C)

II

Published: 2017/03/15, Modified: 2023/02/17

Product : Excel 2016
- C:\Program Files\Microsoft Office\Office16\Excel.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4510.1000

Product : Word 2016
- C:\Program Files\Microsoft Office\Office16\WinWord.exe has not been patched.
Remote version : 16.0.4266.1001
Fixed version : 16.0.4510.1000

An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.

The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.

Medium

7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

6.4 (CVSS:3.0/E:U/RL:O/RC:C)

6.7

0.0214

6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)

5.0 (CVSS2#E:U/RL:OF/RC:C)

I

Published: 2024/03/15, Modified: 2024/03/18

Path : C:\Program Files\Azure Data Studio\
Installed version : 1.41.2.0
Fixed version : 1.48.0

A web application deployment tool on the remote Windows host is affected by a remote code execution vulnerability.

The version of Microsoft Web Deploy installed on the remote host is prior to 10.0.2001 It is, therefore, affected by a remote code execution vulnerability:

- Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.
(CVE-2025-53772) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to Microsoft Web Deploy version 10.0.2001 or later.

High

8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.4

0.0052

9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

I

Published: 2025/08/12, Modified: 2025/08/15

Path : C:\Program Files\IIS\Microsoft Web Deploy V3\
Installed version : 10.0.1973
Fixed version : 10.0.2001

The remote Windows host has at least one service installed that uses an unquoted service path.

The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.

Note that this is a generic test that will flag any application affected by the described vulnerability.

Ensure that any services that contain a space in the path enclose the path in quotes.

Medium

7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

7.0 (CVSS:3.0/E:P/RL:O/RC:C)

6.7

0.0078

6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

5.4 (CVSS2#E:POC/RL:OF/RC:C)

Metasploit (true)

Published: 2012/12/05, Modified: 2025/05/29

Nessus found the following service with an untrusted path :
ManageEngine UEMS - Agent Health Checker : C:\Program Files (x86)\ManageEngine\UEMS_Agent\\bin\UEMSAgentHealthChecker.exe

The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.

High

7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

7.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.4

0.0029

7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

6.0 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/07/14, Modified: 2025/12/09

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.90.0.0
Fixed version : 7.12 Beta 1

The remote Windows host has an application installed which is affected by a directory traversal vulnerability.

The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Upgrade to RARLAB WinRAR version 7.13 or later.

Critical

8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

8.2 (CVSS:3.0/E:F/RL:O/RC:C)

9.5

0.0562

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

8.3 (CVSS2#E:F/RL:OF/RC:C)

II

Published: 2025/08/11, Modified: 2025/08/21

Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.90.0.0
Fixed version : 7.13

The remote service supports the use of medium strength SSL ciphers.

The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.

Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.

Reconfigure the affected application if possible to avoid use of medium strength ciphers.

Medium

7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

6.1