KLA11197
Multiple vulnerabilities in Microsoft Office
Updated: 07/16/2019
Detect date
?
02/13/2018
Severity
?
High
Description

Multiple vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain priveleges and obtain sensitive information. Below is a complete list of vulnerabilities:

  1. Remote code execution vulnerability in Microsoft Office software can be exploited via specially crafted file to execute arbitrary code;
  2. An elevation of privilege vulnerability in Microsoft Outlook software can be exploited via specially crafted file to gain priveleges;
  3. An elevation of privilege vulnerability in Microsoft SharePoint Server software can be exploited via specially crafted request to gain priveleges;
  4. An information disclosure vulnerability in Microsoft Office software can be exploited via specially crafted file to obtain sensitive information.
Affected products

Microsoft SharePoint Enterprise Server 2016
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2010 Service Pack 2 
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office Word Viewer
Microsoft Project Server 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-0850
CVE-2018-0851
CVE-2018-0852
CVE-2018-0853
CVE-2018-0864
CVE-2018-0869
CVE-2018-0841

Impacts
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Related products
Microsoft Office
Microsoft Outlook
Microsoft Sharepoint Server
CVE-IDS
?
CVE-2018-08504.3Warning
CVE-2018-08519.3Critical
CVE-2018-08529.3Critical
CVE-2018-08534.3Warning
CVE-2018-08643.5Warning
CVE-2018-08693.5Warning
CVE-2018-08419.3Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4011200
4011682
4011711
4011697
4011690
4011686
4011707
4011703
4011715
3172459
4011143
3114874
4011680
4011701