Multiple vulnerabilities in Microsoft Office

Description

Multiple serious vulnerabilities have been found in Microsoft Office products. Malicious users can exploit these vulnerabilities to run arbitrary code, cause denial of service, loss of integrity, security bypass, privilege escalation and obtain sensitive information.

Below is a complete list of vulnerabilities

1. Microsoft Office improperly handles objects in memory while parsing crafted Office files which can lead to execution of arbitrary code in the context of the current user. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted.
2. Vulnerability in Microsoft IME (Japanese) component can lead to gain access to the affected system with logged-in user rights. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted.
3. MSCOMCTL common controls library does not properly implement ASLR which can lead to bypass the ASLR security feature via crafted web site. This vulnerability also known as “MSCOMCTL ASLR Vulnerability”.
4. Microsoft Office does not properly handle a crafted response while opening an Office document via web site which can lead to obtain sensitive token information. This information can be used to authenticate the current user on a targeted Microsoft online service. This vulnerability also known as “Token Reuse Vulnerability”.
5. Vulnerability in Microsoft Publisher library pubconv.dll can lead to execution arbitrary code as the current user via crafted files with ‘.pub’ extension. This vulnerability also known as “Arbitrary Pointer Dereference Vulnerability”.
6. Microsoft Office incorrect allocated memory while converting specially crafted files to a newer format which can lead to executing arbitrary code. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted.
7. Microsoft Word has stack-buffer overflow vulnerability while opening specially crafted documents. This vulnerability can lead to executing arbitrary code as the current user. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted. This vulnerability also known as “Microsoft Word Stack Overflow Vulnerability”.
8. Microsoft Word has remote code execution vulnerability while parses specially crafted RTF data. This vulnerability can lead to executing arbitrary code as the current user. If the current user have administrative user rights, malicious users could take complete control of the system.
9. Microsoft Office has remote code execution vulnerability while opening crafted Office document. This vulnerability can lead to executing arbitrary code and cause denial of service. Also malicious users can gain access to the affected system with logged-in user rights. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted. This vulnerability also known as “Word Memory Corruption Vulnerability”.
10. Microsoft OneNote has remote code execution vulnerability while opening crafted OneNote file. This vulnerability can lead to executing arbitrary code as the current user. If the current user have administrative user rights, malicious users could take complete control of the system. Users who have fewer user rights could be less impacted. This vulnerability also known as “OneNote Remote Code Execution Vulnerability”.
11. Vulnerability in usp.dll library in the Unicode Script Processor can lead to executing arbitrary code or cause denial of service. Also malicious users can take complete control of the system. This vulnerability also known as “Unicode Scripts Processor Vulnerability”.
12. Vulnerability in GDI+ which can lead to executing arbitrary code via crafted image file. Also malicious users can take complete control of the system. This vulnerability also known as “GDI+ Image Parsing Vulnerability”.

Original advisories

• CVE-2014-1818

• CVE-2014-1817
• CVE-2014-2778
• CVE-2014-4077
• CVE-2014-0260
• CVE-2014-0259
• CVE-2014-2815
• CVE-2014-6333
• CVE-2014-6361
• CVE-2014-6360
• CVE-2014-6364
• CVE-2014-6357
• CVE-2014-1761
• CVE-2014-0258
• CVE-2014-1808
• CVE-2014-1756
• CVE-2014-1757
• CVE-2014-1758
• CVE-2014-6334
• CVE-2014-6335
• CVE-2014-4117
• CVE-2014-1809

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Office

CVE list

• CVE-2014-1818
  critical
• CVE-2014-1817
  critical
• CVE-2014-2778
  critical
• CVE-2014-4077
  critical
• CVE-2014-0260
  critical
• CVE-2014-0259
  critical
• CVE-2014-2815
  critical
• CVE-2014-6333
  critical
• CVE-2014-6361
  critical
• CVE-2014-6360
  critical
• CVE-2014-6364
  critical
• CVE-2014-6357
  critical
• CVE-2014-1761
  critical
• CVE-2014-0258
  critical
• CVE-2014-1808
  warning
• CVE-2014-1756
  critical
• CVE-2014-1757
  critical
• CVE-2014-1758
  critical
• CVE-2014-6334
  critical
• CVE-2014-6335
  critical
• CVE-2014-4117
  critical
• CVE-2014-1809
  high

KB list

• 2967487
• 2969261
• 2992719
• 3017301
• 3017349
• 3017347
• 3009710
• 3000434
• 2961033
• 2961037
• 2950145
• 2949660
• 2916605
• 2977201

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com