KLA11287
Multiple vulnerabilities in Microsoft Office

Updated: 06/03/2020
Detect date: 07/10/2018
Severity: Warning

Description

Multiple serious vulnerabilities were found in Microsoft Office products. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, and perform cross-site scripting.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability in MS Outlook can be exploited remotely via a specially crafted email and attachment to embed untrusted TrueType fonts in the body of an email;
  2. A vulnerability in Microsoft Office products can be exploited remotely via a specially crafted document to execute arbitrary code;
  3. A vulnerability in Skype for Business and Microsoft Lync can be exploited remotely via specially crafted content to gain privileges and execute arbitrary code;
  4. A vulnerability in Microsoft Access can be exploited remotely via a specially crafted document to execute arbitrary code;
  5. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges;
  6. A vulnerability in Skype for Business and Lync can be exploited remotely via a specially crafted file to bypass security restrictions;
  7. A vulnerability in Microsoft SharePoint can be exploited remotely via a specially crafted SharePoint application package to execute arbitrary code;
  8. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges and to perform cross-site scripting.

Affected products

Skype for Business 2016 (32-bit)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (64-bit)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint Viewer
Microsoft Office Word Viewer
Microsoft Office 2016 for Mac
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel Viewer
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Access 2013 Service Pack 1 (32-bit editions)
Microsoft Access 2013 Service Pack 1 (64-bit editions)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2018-8310
CVE-2018-8281
CVE-2018-8311
CVE-2018-8312
CVE-2018-8323
CVE-2018-8238
CVE-2018-8300
CVE-2018-8299

Impacts

ACE
SB
PE

Related products
Microsoft Office
CVE-IDS

CVE-2018-8310    5.0    Critical
CVE-2018-8281    9.3    Critical
CVE-2018-8311    6.8    High
CVE-2018-8312    9.3    Critical
CVE-2018-8323    3.5    Warning
CVE-2018-8238    9.3    Critical
CVE-2018-8300    6.5    High
CVE-2018-8299    3.5    Warning

Microsoft official advisories
Microsoft Security Update Guide
KB list

4022224
4022200
4022225
4032214
4022202
4011202
4018351
4022221
4022228
4022218
4022243
4018338
4022235
