Description
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions or execute arbitrary code.
Below is a complete list of vulnerabilities:
- An improper handling of objects in memory in Microsoft Access can be exploited locally via a specially designed document to execute arbitrary code;
- An incorrect checking of macro settings in Microsoft Office Excel can be exploited locally via a specially designed document to bypass security restrictions;
- An improper handling of requests in Microsoft SharePoint can be exploited remotely via a specially designed request to gain privileges;
- Out-of-bound vulnerability in Microsoft Office can be exploited locally via a specially designed document to obtain sensitive information;
- Memory corruption vulnerability in Microsoft Office can be exploited locally via a specially crafted document or remotely via a specially designed website to execute arbitrary code;
- An improper tenant permissions verification in Microsoft SharePoint Server can be exploited remotely via a specially designed request to gain privileges.
Original advisories
- CVE-2018-0907
- CVE-2018-0909
- CVE-2018-0910
- CVE-2018-0911
- CVE-2018-0912
- CVE-2018-0913
- CVE-2018-0914
- CVE-2018-0915
- CVE-2018-0916
- CVE-2018-0917
- CVE-2018-0919
- CVE-2018-0921
- CVE-2018-0922
- CVE-2018-0923
- CVE-2018-0944
- CVE-2018-0947
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
- CVE-2018-0903 high
- CVE-2018-0907 high
- CVE-2018-0909 high
- CVE-2018-0910 high
- CVE-2018-0911 high
- CVE-2018-0912 high
- CVE-2018-0913 high
- CVE-2018-0914 high
- CVE-2018-0915 high
- CVE-2018-0916 high
- CVE-2018-0917 high
- CVE-2018-0919 warning
- CVE-2018-0921 high
- CVE-2018-0922 critical
- CVE-2018-0923 high
- CVE-2018-0944 high
- CVE-2018-0947 high
KB list
- 3114416
- 4011023
- 4011234
- 4011665
- 4011673
- 4011674
- 4011675
- 4011688
- 4011692
- 4011695
- 4011705
- 4011709
- 4011714
- 4011720
- 4011721
- 4011727
- 4011730
- 4018291
- 4018293
- 4018298
- 4018304
- 4018305
- 4018309
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!