KLA11499
Multiple vulnerabilities in Microsoft Office
Updated: 06/26/2019
Detect date
06/11/2019
Severity
High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof the user interface, or cause a denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Word can be exploited remotely via a specially crafted file to execute arbitrary code;
  2. A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof the user interface;
  3. A denial of service vulnerability in Skype for Business and Lync Server can be exploited remotely via IMPORTANTTHING to cause a denial of service;
  4. A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof the user interface.
Affected products

Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2019 for 32-bit editions
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (32-bit edition)
Microsoft Office 2019 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2013 RT Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office Online Server
Office 365 ProPlus for 32-bit Systems
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 64-bit Systems
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Lync Server 2013
Microsoft Lync Server 2010
Microsoft Project Server 2010 Service Pack 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2019-1034
CVE-2019-1031
CVE-2019-1032
CVE-2019-1029
CVE-2019-1035
CVE-2019-1033
CVE-2019-1036

Impacts
ACE
DoS
SUI
Related products
Microsoft Lync
Microsoft Word
Microsoft Lync Server
CVE-IDS
CVE-2019-1034  0.0  Unknown
CVE-2019-1031  0.0  Unknown
CVE-2019-1032  0.0  Unknown
CVE-2019-1029  0.0  Unknown
CVE-2019-1035  0.0  Unknown
CVE-2019-1033  0.0  Unknown
CVE-2019-1036  0.0  Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4464596
4461619
4461621
4464594
4461611
4464590
4464602
4475511
4475512
4462178
4464597
4464571
4506009
4092442