Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Office can be exploited via a specially designed file to execute arbitrary code;
- Multiple vulnerabilities related to incorrect handling of web requests in Microsoft Exchange Outlook Web Access can be exploited by sending a specially designed email message containing a malicious link to a user to execute arbitrary code;
- An improper sanitization of web requests in Microsoft SharePoint Server can be exploited via a specially designed web request to gain privileges;
- An open redirect vulnerability in Microsoft Exchange can be exploited by sending a link that has a specially designed URL and convincing a user to open it to spoof user interface.
Original advisories
- CVE-2017-8501
- CVE-2017-8502
- CVE-2017-8569
- CVE-2017-8570
- CVE-2017-0243
- CVE-2017-8501
- CVE-2017-8502
- CVE-2017-8570
Exploitation
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-8570/
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2017-0243 critical
- CVE-2017-8501 critical
- CVE-2017-8502 critical
- CVE-2017-8570 critical
- CVE-2017-8569 critical
KB list
- 3213537
- 2880514
- 3191833
- 3191894
- 3191897
- 3191902
- 3191907
- 3203459
- 3203468
- 3203469
- 3203477
- 3212224
- 3213544
- 3213545
- 3213555
- 3213559
- 3213624
- 3213640
- 3213657
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!