Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
511 Views 2 Replies Latest reply: May 29, 2013 11:55 AM by John M Sopp RSS
ed87 Newcomer 13 posts since
Nov 29, 2012
Currently Being Moderated

May 1, 2013 3:35 PM

MS Office Vulnerabilities Detected on Servers without Office

We have numerous servers that have Word, Excel, and other Office vulnerabilities detected by MVM, but they do not have Office installed.  All they have is the 2007 Office Compatibility Pack.

  • Community Leader 479 posts since
    Nov 3, 2009

    Hi Ed,


    It all comes down to the specific vulnerability MVM Is reporting.  Most of the time you can check the Microsoft KB article, and it may list the Compatibility Pack as vulnerable.  Regardless, if the Vulnerable versions of the various files are distributed in the Compatibility Pack, they are exploitable regardless if you're running the actual applications - which is why MVM flags the system as Vulnerable.

     

    I hope that helps!
    Cathy

  • John M Sopp The Place at McAfee Member 88 posts since
    Nov 17, 2009

    To further add to what Cathy said-this is normal. Often times office/software vulnerabilities are vulnerable because a shared library file is vulnerable, such as a DLL. If your system has the vulnerable version of the shared file it comes back as vulnerable until you remove that component or somehow update it.

     

    Don't be fooled by the vulnerability titles/names-they are just extracted from the original way the vulnerability was reported-it all ties in with the cve database/OVAL in some form.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points