Kaspersky Threats

Detect date

?

05/09/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed Microsoft Office file sent by an email or hosted on a website to execute arbitrary code;
An improper sanitizing of requests in Microsoft Sharepoint Server can be exploited remotely via a specially designed request to gain privileges;
Multiple unknown vulnerabilities can be exploited remotely via a file containing a malformed graphics image, by inserting a specially designed graphics image into document, by sending a malformed file via email or by posting a specially designed file on the website to execute arbitrary code;
Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed file sent by an email or hosted on a website to execute arbitrary code;

Technical details

To exploit all vulnerabilities, an attacker should convince a user to open a malicious file.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1
Microsoft PowerPoint for Mac 2011
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Word Viewer
Skype for Business 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-0261
CVE-2017-0262
CVE-2017-0265
CVE-2017-0264
CVE-2017-0281
CVE-2017-0254
CVE-2017-0255
CVE-2017-0281
CVE-2017-0265
CVE-2017-0264
CVE-2017-0262
CVE-2017-0261
CVE-2017-0255
CVE-2017-0254

Impacts

?

ACE

[?]

PE

[?]

Detect date ?	05/09/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges. Below is a complete list of vulnerabilities: An improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed Microsoft Office file sent by an email or hosted on a website to execute arbitrary code; An improper sanitizing of requests in Microsoft Sharepoint Server can be exploited remotely via a specially designed request to gain privileges; Multiple unknown vulnerabilities can be exploited remotely via a file containing a malformed graphics image, by inserting a specially designed graphics image into document, by sending a malformed file via email or by posting a specially designed file on the website to execute arbitrary code; Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed file sent by an email or hosted on a website to execute arbitrary code; Technical details To exploit all vulnerabilities, an attacker should convince a user to open a malicious file.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 Microsoft Office 2016 for Mac Microsoft Office Enterprise Server 2016 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 Microsoft PowerPoint for Mac 2011 Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Word Viewer Skype for Business 2016
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2017-0261 CVE-2017-0262 CVE-2017-0265 CVE-2017-0264 CVE-2017-0281 CVE-2017-0254 CVE-2017-0255 CVE-2017-0281 CVE-2017-0265 CVE-2017-0264 CVE-2017-0262 CVE-2017-0261 CVE-2017-0255 CVE-2017-0254
Impacts ?	ACE [?] PE [?]
Related products	Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office Microsoft Word Microsoft Sharepoint Server
CVE-IDS ?	CVE-2017-02819.3Critical CVE-2017-02659.3Critical CVE-2017-02649.3Critical CVE-2017-02629.3Critical CVE-2017-02619.3Critical CVE-2017-02553.5Warning CVE-2017-02549.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3191841 3191835 3191904 3191888 3191909 3191880 3191836 3191843 3178729 3191865 3162040 3191839 3118310 3172458 3114375 3191895 2596904 3191899 3191885 3191863 3191881 3191890 3191913 3191858 3191914 3191915 3212221
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA11010Remote code execution and elevation of privilege vulnerabilities in Microsoft Office

KLA11010
Remote code execution and elevation of privilege vulnerabilities in Microsoft Office