Kaspersky Threats — Hledaná stránka nebyla nalezena.<br>Můžete však vidět naše nejnovější popsané chyby zabezpečení a hrozby.

Popis

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, perform cross-site scripting attack, gain privileges.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Word can be exploited remotely via special crafted file to execute arbitrary code.
A remote code execution vulnerability in Microsoft Project can be exploited remotely via specially crafted file to execute arbitrary code.
A remote code execution vulnerability in .NET Framework, SharePoint Server, and Visual Studio can be exploited remotely via specially crafted document to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
A cross-site-scripting (XSS) vulnerability in Office Web Apps can be exploited remotely via specially crafted request to spoof user interface.
A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted email to execute arbitrary code.
An information disclosure vulnerability in Microsoft Office can be exploited to obtain sensitive information.
A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
A remote code execution vulnerability in PerformancePoint Services can be exploited remotely via specially crafted document to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability in Microsoft SharePoint Server can be exploited remotely via special crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft Outlook can be exploited to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft OneDrive can be exploited remotely via specially crafted application to gain privileges.
A cross-site-scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.

Oficiální doporučení

Vykořisťování

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Související produkty

seznam CVE

CVE-2020-1147
critical
CVE-2020-1409
critical
CVE-2020-1448
critical
CVE-2020-1449
critical
CVE-2020-1454
high
CVE-2020-1458
critical
CVE-2020-1456
high
CVE-2020-1442
high
CVE-2020-1443
high
CVE-2020-1444
warning
CVE-2020-1445
high
CVE-2020-1446
critical
CVE-2020-1447
critical
CVE-2020-1439
critical
CVE-2020-1451
high
CVE-2020-1349
critical
CVE-2020-1465
critical
CVE-2020-1450
high
CVE-2020-1342
high
CVE-2020-1240
critical
CVE-2020-1025
critical

seznam KB

Zobrazit více

Zjistěte statistiky zranitelností šířících se ve vaší oblasti statistics.securelist.com

Našli jste v popisu této chyby zabezpečení nepřesnost? Dej nám vědět!