Kaspersky Threats

Detect date

?

06/13/2017

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface.

Below is a complete list of vulnerabilities:

An improper validating of input before loading DLL (dynamic link library) files can be exploited remotely by convincing a user to open a specially designed office document to execute arbitrary code;
An improper parsing of email messages can be exploited remotely by sending a specially designed email message and convincing a user to open it to execute arbitrary code;
An incorrect handling of parsing of file formats can be exploited remotely by convincing a user to open a specially designed file to bypass security restrictions;
Multiple vulnerabities related to an improper handling of objects in memory can be exploited remotely by sending a specially designed file via email and convincing a user to open it or by hosting a website which contains a malicious file and convince a user to open website to execute arbitrary code;
An incorrect validation and sanitizing of html input in Microsoft Outlook for Mac can be exploited remotely via a specially designed email with specific HTML tags to spoof user interface and show a malicious authentication prompt.

Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint 2007 Service Pack 3
Microsoft OneNote 2010 Service Pack 2
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2016
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1
Microsoft Word 2016
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

ADV170008
CVE-2017-8513
CVE-2017-8512
CVE-2017-8511
CVE-2017-8510
CVE-2017-8506
CVE-2017-8507
CVE-2017-8508
CVE-2017-8545
CVE-2017-8509
CVE-2017-0284
CVE-2017-8528
CVE-2017-0292
CVE-2017-0285
CVE-2017-8534
CVE-2017-0283
CVE-2017-8550
CVE-2017-0282
CVE-2017-0260
CVE-2017-8509
CVE-2017-0286
CVE-2017-0287
CVE-2017-0288
CVE-2017-0289
CVE-2017-8527
CVE-2017-8531
CVE-2017-8532
CVE-2017-8533
CVE-2017-8506
CVE-2017-8507
CVE-2017-8508
CVE-2017-8510
CVE-2017-8511
CVE-2017-8512
CVE-2017-8513
CVE-2017-8545
CVE-2017-8551
CVE-2017-8514

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

SUI

[?]

Related products

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office PowerPoint
Microsoft Office
Microsoft Outlook
Microsoft Word
Microsoft Sharepoint Server

CVE-IDS

?

CVE-2017-02840.0Unknown
CVE-2017-85280.0Unknown
CVE-2017-02920.0Unknown
CVE-2017-02850.0Unknown
CVE-2017-85340.0Unknown
CVE-2017-02830.0Unknown
CVE-2017-85508.5Critical
CVE-2017-02820.0Unknown
CVE-2017-02600.0Unknown
CVE-2017-85099.3Critical
CVE-2017-02861.9Warning
CVE-2017-02871.9Warning
CVE-2017-02881.9Warning
CVE-2017-02891.9Warning
CVE-2017-85278.8Critical
CVE-2017-85314.3Warning
CVE-2017-85324.3Warning
CVE-2017-85334.3Warning
CVE-2017-85069.3Critical
CVE-2017-85079.3Critical
CVE-2017-85084.3Warning
CVE-2017-85109.3Critical
CVE-2017-85119.3Critical
CVE-2017-85129.3Critical
CVE-2017-85139.3Critical
CVE-2017-85454.3Warning
CVE-2017-85514.3Warning
CVE-2017-85143.5Warning

Microsoft official advisories

Microsoft Security Update Guide

KB list

3203391
3203393
3191882
3203427
4020732
4020733
4020735
4020736
3178667
3203432
3203484
3203485
4020734
3191837
3162051
3203438
3191939
3203430
3203436
3203386
3203382
3212223
3203458
3118389
3191848
3191943
3191945
3191944
3191828
3203441
3191844
3203466
3203464
3203463
3203460
3191908
3203390
3203392
3172445
3191932
3191938
3127888
3203384
3203383
3191898
3127894
3118304
3203467
3203461
3203387
3213537
3203399

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42235

https://www.exploit-db.com/exploits/42236

https://www.exploit-db.com/exploits/42234

https://www.exploit-db.com/exploits/42316

https://www.exploit-db.com/exploits/42237

https://www.exploit-db.com/exploits/42238

https://www.exploit-db.com/exploits/42239

https://www.exploit-db.com/exploits/42241

https://www.exploit-db.com/exploits/42240

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Detect date ?	06/13/2017
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: An improper validating of input before loading DLL (dynamic link library) files can be exploited remotely by convincing a user to open a specially designed office document to execute arbitrary code; An improper parsing of email messages can be exploited remotely by sending a specially designed email message and convincing a user to open it to execute arbitrary code; An incorrect handling of parsing of file formats can be exploited remotely by convincing a user to open a specially designed file to bypass security restrictions; Multiple vulnerabities related to an improper handling of objects in memory can be exploited remotely by sending a specially designed file via email and convincing a user to open it or by hosting a website which contains a malicious file and convince a user to open website to execute arbitrary code; An incorrect validation and sanitizing of html input in Microsoft Outlook for Mac can be exploited remotely via a specially designed email with specific HTML tags to spoof user interface and show a malicious authentication prompt.
Affected products	Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2016 Microsoft Office Compatibility Pack Service Pack 3 Microsoft PowerPoint 2007 Service Pack 3 Microsoft OneNote 2010 Service Pack 2 Microsoft Outlook 2007 Service Pack 3 Microsoft Outlook 2010 Service Pack 2 Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 Microsoft Outlook 2016 Microsoft SharePoint Server 2007 Service Pack 3 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft Word 2007 Service Pack 3 Microsoft Word 2010 Service Pack 2 Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 Microsoft Word 2016 Microsoft Word for Mac 2011 Microsoft Word 2016 for Mac
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	ADV170008 CVE-2017-8513 CVE-2017-8512 CVE-2017-8511 CVE-2017-8510 CVE-2017-8506 CVE-2017-8507 CVE-2017-8508 CVE-2017-8545 CVE-2017-8509 CVE-2017-0284 CVE-2017-8528 CVE-2017-0292 CVE-2017-0285 CVE-2017-8534 CVE-2017-0283 CVE-2017-8550 CVE-2017-0282 CVE-2017-0260 CVE-2017-8509 CVE-2017-0286 CVE-2017-0287 CVE-2017-0288 CVE-2017-0289 CVE-2017-8527 CVE-2017-8531 CVE-2017-8532 CVE-2017-8533 CVE-2017-8506 CVE-2017-8507 CVE-2017-8508 CVE-2017-8510 CVE-2017-8511 CVE-2017-8512 CVE-2017-8513 CVE-2017-8545 CVE-2017-8551 CVE-2017-8514
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office PowerPoint Microsoft Office Microsoft Outlook Microsoft Word Microsoft Sharepoint Server
CVE-IDS ?	CVE-2017-02840.0Unknown CVE-2017-85280.0Unknown CVE-2017-02920.0Unknown CVE-2017-02850.0Unknown CVE-2017-85340.0Unknown CVE-2017-02830.0Unknown CVE-2017-85508.5Critical CVE-2017-02820.0Unknown CVE-2017-02600.0Unknown CVE-2017-85099.3Critical CVE-2017-02861.9Warning CVE-2017-02871.9Warning CVE-2017-02881.9Warning CVE-2017-02891.9Warning CVE-2017-85278.8Critical CVE-2017-85314.3Warning CVE-2017-85324.3Warning CVE-2017-85334.3Warning CVE-2017-85069.3Critical CVE-2017-85079.3Critical CVE-2017-85084.3Warning CVE-2017-85109.3Critical CVE-2017-85119.3Critical CVE-2017-85129.3Critical CVE-2017-85139.3Critical CVE-2017-85454.3Warning CVE-2017-85514.3Warning CVE-2017-85143.5Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	3203391 3203393 3191882 3203427 4020732 4020733 4020735 4020736 3178667 3203432 3203484 3203485 4020734 3191837 3162051 3203438 3191939 3203430 3203436 3203386 3203382 3212223 3203458 3118389 3191848 3191943 3191945 3191944 3191828 3203441 3191844 3203466 3203464 3203463 3203460 3191908 3203390 3203392 3172445 3191932 3191938 3127888 3203384 3203383 3191898 3127894 3118304 3203467 3203461 3203387 3213537 3203399
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42235 https://www.exploit-db.com/exploits/42236 https://www.exploit-db.com/exploits/42234 https://www.exploit-db.com/exploits/42316 https://www.exploit-db.com/exploits/42237 https://www.exploit-db.com/exploits/42238 https://www.exploit-db.com/exploits/42239 https://www.exploit-db.com/exploits/42241 https://www.exploit-db.com/exploits/42240 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.