Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface.
Below is a complete list of vulnerabilities:
- An improper validating of input before loading DLL (dynamic link library) files can be exploited remotely by convincing a user to open a specially designed office document to execute arbitrary code;
- An improper parsing of email messages can be exploited remotely by sending a specially designed email message and convincing a user to open it to execute arbitrary code;
- An incorrect handling of parsing of file formats can be exploited remotely by convincing a user to open a specially designed file to bypass security restrictions;
- Multiple vulnerabities related to an improper handling of objects in memory can be exploited remotely by sending a specially designed file via email and convincing a user to open it or by hosting a website which contains a malicious file and convince a user to open website to execute arbitrary code;
- An incorrect validation and sanitizing of html input in Microsoft Outlook for Mac can be exploited remotely via a specially designed email with specific HTML tags to spoof user interface and show a malicious authentication prompt.
Original advisories
- CVE-2017-8513
- CVE-2017-8512
- CVE-2017-8511
- CVE-2017-8510
- CVE-2017-8506
- CVE-2017-8507
- CVE-2017-8508
- CVE-2017-8545
- CVE-2017-8509
- CVE-2017-0284
- CVE-2017-8528
- CVE-2017-0292
- CVE-2017-0285
- CVE-2017-8534
- CVE-2017-0283
- CVE-2017-8550
- CVE-2017-0282
- CVE-2017-0260
- CVE-2017-8509
- CVE-2017-0286
- CVE-2017-0287
- CVE-2017-0288
- CVE-2017-0289
- CVE-2017-8527
- CVE-2017-8531
- CVE-2017-8532
- CVE-2017-8533
- CVE-2017-8506
- CVE-2017-8507
- CVE-2017-8508
- CVE-2017-8510
- CVE-2017-8511
- CVE-2017-8512
- CVE-2017-8513
- CVE-2017-8545
- CVE-2017-8551
- CVE-2017-8514
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats
- Microsoft-Office-PowerPoint
- Microsoft-Office
- Microsoft-Outlook
- Microsoft-Word
- Microsoft-Sharepoint-Server
CVE list
- CVE-2017-0284 warning
- CVE-2017-8528 critical
- CVE-2017-0292 critical
- CVE-2017-0285 warning
- CVE-2017-8534 warning
- CVE-2017-0283 critical
- CVE-2017-8550 warning
- CVE-2017-0282 warning
- CVE-2017-0260 critical
- CVE-2017-8509 critical
- CVE-2017-0286 warning
- CVE-2017-0287 warning
- CVE-2017-0288 warning
- CVE-2017-0289 warning
- CVE-2017-8527 critical
- CVE-2017-8531 warning
- CVE-2017-8532 warning
- CVE-2017-8533 warning
- CVE-2017-8506 critical
- CVE-2017-8507 critical
- CVE-2017-8508 warning
- CVE-2017-8510 critical
- CVE-2017-8511 critical
- CVE-2017-8512 critical
- CVE-2017-8513 critical
- CVE-2017-8545 warning
- CVE-2017-8551 warning
- CVE-2017-8514 warning
KB list
- 3203391
- 3203393
- 3191882
- 3203427
- 4020732
- 4020733
- 4020735
- 4020736
- 3178667
- 3203432
- 3203484
- 3203485
- 4020734
- 3191837
- 3162051
- 3203438
- 3191939
- 3203430
- 3203436
- 3203386
- 3203382
- 3212223
- 3203458
- 3118389
- 3191848
- 3191943
- 3191945
- 3191944
- 3191828
- 3203441
- 3191844
- 3203466
- 3203464
- 3203463
- 3203460
- 3191908
- 3203390
- 3203392
- 3172445
- 3191932
- 3191938
- 3127888
- 3203384
- 3203383
- 3191898
- 3127894
- 3118304
- 3203467
- 3203461
- 3203387
- 3213537
- 3203399
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!