KLA11287
Multiple vulnerabilities in Microsoft Office
Updated: 07/16/2019
Detect date
07/10/2018
Severity
Warning
Description

Multiple serious vulnerabilities were found in Microsoft Office products. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, and perform cross-site scripting.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability in MS Outlook can be exploited remotely via a specially crafted email and attachment to embed untrusted TrueType fonts in the body of an email;
  2. A vulnerability in Microsoft Office products can be exploited remotely via a specially crafted document to execute arbitrary code;
  3. A vulnerability in Skype for Business and Microsoft Lync can be exploited remotely via specially crafted content to gain privileges and execute arbitrary code;
  4. A vulnerability in Microsoft Access can be exploited remotely via a specially crafted document to execute arbitrary code;
  5. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges;
  6. A vulnerability in Skype for Business and Lync can be exploited remotely via a specially crafted file to bypass security restrictions;
  7. A vulnerability in Microsoft SharePoint can be exploited remotely via a specially crafted SharePoint application package to execute arbitrary code;
  8. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges and to perform cross-site scripting.

Affected products

Skype for Business 2016 (32-bit)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (64-bit)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint Viewer
Microsoft Office Word Viewer
Microsoft Office 2016 for Mac
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel Viewer
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Access 2013 Service Pack 1 (32-bit editions)
Microsoft Access 2013 Service Pack 1 (64-bit editions)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2018-8310
CVE-2018-8281
CVE-2018-8311
CVE-2018-8312
CVE-2018-8323
CVE-2018-8238
CVE-2018-8300
CVE-2018-8299

Impacts
ACE
SB
PE
Related products
Microsoft Office
CVE-IDS
CVE-2018-8310  7.5  Critical
CVE-2018-8281  7.8  Critical
CVE-2018-8311  8.8  Critical
CVE-2018-8312  7.8  Critical
CVE-2018-8323  5.4  High
CVE-2018-8238  7.8  Critical
CVE-2018-8300  7.8  Critical
CVE-2018-8299  5.4  High
Microsoft official advisories
Microsoft Security Update Guide
KB list

4022224
4022200
4022225
4032214
4022202
4011202
4018351
4022221
4022228
4022218
4022243
4018338
4022235