KLA11633
Multiple vulnerabilities in Microsoft Office

Updated: 06/03/2020
Detect date: 01/14/2020
Severity: High
Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Microsoft OneDrive for Android can be exploited remotely.
  2. A memory corruption vulnerability in Microsoft Office can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via a specially crafted file to execute arbitrary code.
  4. A spoofing vulnerability in Microsoft Office Online can be exploited remotely via a specially crafted request to spoof the user interface.
Affected products

Microsoft Office 2019 for Mac
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2016 for Mac
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Office Online Server
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (32-bit edition)
OneDrive for Android
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 32-bit Systems
Office 365 ProPlus for 64-bit Systems
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (64-bit editions)

Solution

Install the necessary updates from the KB section that are listed in Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-0654
CVE-2020-0652
CVE-2020-0653
CVE-2020-0650
CVE-2020-0651
CVE-2020-0647

Impacts

ACE
SB
SUI
Related products
Microsoft Office
Microsoft Excel
CVE-IDS

CVE-2020-0654    6.4    High
CVE-2020-0652    6.8    High
CVE-2020-0653    9.3    Critical
CVE-2020-0650    9.3    Critical
CVE-2020-0651    9.3    Critical
CVE-2020-0647    5.8    High
KB list

4484221
4484236
4484234
4484243
4484217
4484227
4484223

Microsoft official advisories
Microsoft Security Update Guide