Kaspersky Threats

Detect date

?

08/14/2018

Severity

?

High

Description

Multiple serious vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

Multiple improper object handling vulnerabilities in Microsoft Excel can be exploited remotely to execute arbitrary code;
An out-of-bound memory read vulnerability can be exploited remotely to obtain sensitive information;
An improper object handling vulnerability in Microsoft PowerPoint can be exploited remotely to execute arbitrary code;
An improper object handling vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.

Affected products

Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8379
CVE-2018-8375
CVE-2018-8412
CVE-2018-8378
CVE-2018-8376
CVE-2018-8382
ADV180021
CVE-2018-8379
CVE-2018-8375
CVE-2018-8412
CVE-2018-8378
CVE-2018-8376

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

Detect date ?	08/14/2018
Severity ?	High
Description	Multiple serious vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: Multiple improper object handling vulnerabilities in Microsoft Excel can be exploited remotely to execute arbitrary code; An out-of-bound memory read vulnerability can be exploited remotely to obtain sensitive information; An improper object handling vulnerability in Microsoft PowerPoint can be exploited remotely to execute arbitrary code; An improper object handling vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
Affected products	Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-8379 CVE-2018-8375 CVE-2018-8412 CVE-2018-8378 CVE-2018-8376 CVE-2018-8382 ADV180021 CVE-2018-8379 CVE-2018-8375 CVE-2018-8412 CVE-2018-8378 CVE-2018-8376
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Microsoft Office
CVE-IDS ?	CVE-2018-83797.8Critical CVE-2018-83757.8Critical CVE-2018-84127.8Critical CVE-2018-83785.5High CVE-2018-83768.8Critical CVE-2018-83825.5High
KB list	4018310 4018392 4032213 4032222 4032240 3213636 4022238 4022236 4032220 4032212 4032233 4032239 4022234 4032256 4022195 4032229 4032223 4092434 4022198 4032241 4032215 4092433 4032235
Microsoft official advisories	Microsoft Security Update Guide