KLA11633
Multiple vulnerabilities in Microsoft Office
Updated: 05/22/2020
Detect date
01/14/2020
Severity
High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Microsoft OneDrive for Android can be exploited remotely.
  2. A memory corruption vulnerability in Microsoft Office can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via a specially crafted file to execute arbitrary code.
  4. A spoofing vulnerability in Microsoft Office Online can be exploited remotely via a specially crafted request to spoof the user interface.
Affected products

Microsoft Office 2019 for Mac
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016 for Mac
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Office Online Server
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (32-bit edition)
OneDrive for Android
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-0654
CVE-2020-0652
CVE-2020-0653
CVE-2020-0650
CVE-2020-0651
CVE-2020-0647

Impacts
ACE
SB
SUI
Related products
Microsoft Office
Microsoft Excel
CVE-IDS
CVE-2020-0654    0.0    Unknown
CVE-2020-0652    0.0    Unknown
CVE-2020-0653    0.0    Unknown
CVE-2020-0650    0.0    Unknown
CVE-2020-0651    0.0    Unknown
CVE-2020-0647    0.0    Unknown
KB list

4484221
4484236
4484234
4484243
4484217
4484227
4484223

Microsoft official advisories
Microsoft Security Update Guide