Kaspersky Threats

Detect date

?

04/11/2017

Severity

?

High

Description

An unspecified vulnerability was found in the EPS (Encapsulated PostScript) filter in Microsoft Office. By exploiting this vulnerability malicious users can possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website or file.

NB: This vulnerability does not have any public CVSS rating so rating can be changed by the time.

Affected products

Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

ADV170005
Microsoft Security Advisory
CVE-2017-0197
CVE-2017-0199

Impacts

?

ACE

[?]

Related products

Microsoft Office

CVE-IDS

?

CVE-2017-01979.3Critical
CVE-2017-01999.3Critical

Microsoft official advisories

Microsoft Security Update Guide

KB list

3212218
3191829
2589382
3141529
3141538
3178710
3178703
3178702

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/

https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/

https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42995

https://www.exploit-db.com/exploits/41894

https://www.exploit-db.com/exploits/41934

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/

https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/

https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/

Detect date ?	04/11/2017
Severity ?	High
Description	An unspecified vulnerability was found in the EPS (Encapsulated PostScript) filter in Microsoft Office. By exploiting this vulnerability malicious users can possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website or file. NB: This vulnerability does not have any public CVSS rating so rating can be changed by the time.
Affected products	Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	ADV170005 Microsoft Security Advisory CVE-2017-0197 CVE-2017-0199
Impacts ?	ACE [?]
Related products	Microsoft Office
CVE-IDS ?	CVE-2017-01979.3Critical CVE-2017-01999.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	3212218 3191829 2589382 3141529 3141538 3178710 3178703 3178702
Exploitation	This vulnerability can be exploited by the following malware: https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/ https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/ https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/ https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/ The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42995 https://www.exploit-db.com/exploits/41894 https://www.exploit-db.com/exploits/41934 https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-0199/ https://threats.kaspersky.com/en/threat/Exploit.MSOffice.Oleink/ https://threats.kaspersky.com/en/threat/Trojan-PSW.Win32.Azorult/ https://threats.kaspersky.com/en/threat/Trojan.Win32.FormBook/

KLA11024Defense-in-Depth Update for Microsoft Office

KLA11024
Defense-in-Depth Update for Microsoft Office