Kaspersky Threats

Detect date

?

10/08/2019

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to gain privileges.
A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted request to gain privileges.

Affected products

Excel Services
Microsoft Excel 2016 (32-bit edition)
Office Online Server
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2019 for Mac
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Office 365 ProPlus for 32-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Office 365 ProPlus for 64-bit Systems
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Server 2019
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2016 (64-bit edition)
Microsoft SharePoint Enterprise Server 2016

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1070
CVE-2019-1329
CVE-2019-1328
CVE-2019-1331
CVE-2019-1327
CVE-2019-1330

Impacts

?

ACE

[?]

PE

[?]

SUI

[?]

Detect date ?	10/08/2019
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface. An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to gain privileges. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code. An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted request to gain privileges.
Affected products	Excel Services Microsoft Excel 2016 (32-bit edition) Office Online Server Microsoft Office 2016 (32-bit edition) Microsoft Office 2019 for Mac Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Office 2016 for Mac Microsoft Office 2016 (64-bit edition) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Excel 2013 RT Service Pack 1 Office 365 ProPlus for 32-bit Systems Microsoft Office 2019 for 32-bit editions Microsoft SharePoint Foundation 2010 Service Pack 2 Microsoft SharePoint Foundation 2013 Service Pack 1 Office 365 ProPlus for 64-bit Systems Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft SharePoint Server 2019 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Office 2019 for 64-bit editions Microsoft Excel 2016 (64-bit edition) Microsoft SharePoint Enterprise Server 2016
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1070 CVE-2019-1329 CVE-2019-1328 CVE-2019-1331 CVE-2019-1327 CVE-2019-1330
Impacts ?	ACE [?] PE [?] SUI [?]
Related products	Microsoft Office Microsoft Excel
CVE-IDS ?	CVE-2019-10703.5Warning CVE-2019-13293.5Warning CVE-2019-13283.5Warning CVE-2019-13319.3Critical CVE-2019-13279.3Critical CVE-2019-13304.0Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	4484122 4484111 4475554 4484110 4475569 4484131 4475558 4484130 4462176 4484112 4484123 4462215 4475595 4475608
	Find out the statistics of the vulnerabilities spreading in your region

KLA11577Multiple vulnerability in Microsoft Office

KLA11577
Multiple vulnerability in Microsoft Office