Kaspersky Threats

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed Microsoft Office file sent by an email or hosted on a website to execute arbitrary code;
An improper sanitizing of requests in Microsoft Sharepoint Server can be exploited remotely via a specially designed request to gain privileges;
Multiple unknown vulnerabilities can be exploited remotely via a file containing a malformed graphics image, by inserting a specially designed graphics image into document, by sending a malformed file via email or by posting a specially designed file on the website to execute arbitrary code;
Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed file sent by an email or hosted on a website to execute arbitrary code;

Technical details

To exploit all vulnerabilities, an attacker should convince a user to open a malicious file.

Ursprüngliche Informationshinweise

CVE Liste

CVE-2017-0281
critical
CVE-2017-0265
critical
CVE-2017-0264
critical
CVE-2017-0262
critical
CVE-2017-0261
critical
CVE-2017-0255
critical
CVE-2017-0254
critical

KB Liste

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!