Multiple arbitrary code execution vulnerabilities in Microsoft office

Description

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An improper validation of input before loading DLL files can be exploited remotely via a specially designed office document to execute arbitrary code;
2. An incorrect parsing of files can be exploited locally via a specially designed file or remotely via email containg specially designed office document to execute arbitrary code.

---

Technical details

Vulnerability (1) exists in Microsoft OneNote products from the list; vulnerability (2) exists in the rest of the affected products list.

Original advisories

• Microsoft Security Update Guide

• CVE-2017-0197
• CVE-2017-0199

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/

https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/

https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/

Public exploits exist for this vulnerability.

Related products

• Microsoft-Office

CVE list

• CVE-2017-0197
  critical
• CVE-2017-0199
  critical

KB list

• 4015549
• 4015551
• 4015548
• 3191829
• 2589382
• 4015546
• 3141529
• 3141538
• 3178710
• 4014793
• 3178703

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com