KLA11069
Multiple vulnerabilities in Microsoft Office
Updated: 06/26/2019
Detect date
07/11/2017
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Office can be exploited via a specially designed file to execute arbitrary code;
  2. Multiple vulnerabilities related to incorrect handling of web requests in Microsoft Exchange Outlook Web Access can be exploited to execute arbitrary code by sending a user a specially designed email message containing a malicious link;
  3. Improper sanitization of web requests in Microsoft SharePoint Server can be exploited via a specially designed web request to gain privileges;
  4. An open redirect vulnerability in Microsoft Exchange can be exploited to spoof the user interface by sending a link that has a specially designed URL and convincing a user to open it.
Affected products

Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Microsoft Office Online Server 2016
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013
Microsoft SharePoint Enterprise Server 2016
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft Exchange Server 2013 Service Pack 1

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8569
CVE-2017-8570

Impacts
ACE
PE
SUI
Related products
Microsoft Office
Microsoft Excel
Microsoft SharePoint Server
Microsoft Exchange Server
CVE-IDS
CVE-2017-0243    9.3    Critical
CVE-2017-8501    9.3    Critical
CVE-2017-8502    9.3    Critical
CVE-2017-8570    9.3    Critical
CVE-2017-8569    6.5    High
Microsoft official advisories
Microsoft Security Update Guide
KB list

3213537
2880514
3191833
3191894
3191897
3191902
3191907
3203459
3203468
3203469
3203477
3212224
3213544
3213545
3213555
3213559
3213624
3213640
3213657