Description
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, perform cross-site scripting attack, gain privileges.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Microsoft Word can be exploited remotely via special crafted file to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Project can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in .NET Framework, SharePoint Server, and Visual Studio can be exploited remotely via specially crafted document to execute arbitrary code.
- A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
- A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
- A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
- A cross-site-scripting (XSS) vulnerability in Office Web Apps can be exploited remotely via specially crafted request to spoof user interface.
- A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted email to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Office can be exploited to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in PerformancePoint Services can be exploited remotely via specially crafted document to execute arbitrary code.
- A cross-site-scripting (XSS) vulnerability in Microsoft SharePoint Server can be exploited remotely via special crafted web to spoof user interface.
- A remote code execution vulnerability in Microsoft Outlook can be exploited to execute arbitrary code.
- An elevation of privilege vulnerability in Microsoft OneDrive can be exploited remotely via specially crafted application to gain privileges.
- A cross-site-scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
- An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
- A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
- An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.
Original advisories
- CVE-2020-1449
- CVE-2020-1147
- CVE-2020-1454
- CVE-2020-1458
- CVE-2020-1456
- CVE-2020-1442
- CVE-2020-1443
- CVE-2020-1444
- CVE-2020-1445
- CVE-2020-1446
- CVE-2020-1447
- CVE-2020-1439
- CVE-2020-1451
- CVE-2020-1349
- CVE-2020-1465
- CVE-2020-1450
- CVE-2020-1342
- CVE-2020-1409
- CVE-2020-1240
- CVE-2020-1025
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-.NET-Framework
- Microsoft-Office
- Microsoft-Outlook
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Sharepoint-Server
CVE list
- CVE-2020-1147 high
- CVE-2020-1409 critical
- CVE-2020-1448 high
- CVE-2020-1449 critical
- CVE-2020-1454 warning
- CVE-2020-1458 critical
- CVE-2020-1456 warning
- CVE-2020-1442 warning
- CVE-2020-1443 warning
- CVE-2020-1444 warning
- CVE-2020-1445 warning
- CVE-2020-1446 high
- CVE-2020-1447 high
- CVE-2020-1439 high
- CVE-2020-1451 warning
- CVE-2020-1349 high
- CVE-2020-1465 high
- CVE-2020-1450 warning
- CVE-2020-1342 warning
- CVE-2020-1240 critical
- CVE-2020-1025 critical
KB list
- 4484443
- 4484441
- 4484440
- 4484446
- 4484357
- 4484370
- 4484448
- 4484353
- 4484374
- 4484463
- 4484460
- 4484363
- 4484450
- 4484451
- 4484452
- 4484453
- 4484348
- 4484433
- 4484456
- 4484458
- 4484438
- 4484436
- 4484381
- 4484382
- 4484411
- 4571332
- 4571333
- 4571334
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!