Kaspersky ID:
KLA11864
Detect Date:
07/14/2020
Updated:
01/22/2024

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, perform cross-site scripting attack, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Word can be exploited remotely via special crafted file to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft Project can be exploited remotely via specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in .NET Framework, SharePoint Server, and Visual Studio can be exploited remotely via specially crafted document to execute arbitrary code.
  4. A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
  5. A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
  6. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  7. A cross-site-scripting (XSS) vulnerability in Office Web Apps can be exploited remotely via specially crafted request to spoof user interface.
  8. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  9. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted email to execute arbitrary code.
  10. An information disclosure vulnerability in Microsoft Office can be exploited to obtain sensitive information.
  11. A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
  12. A remote code execution vulnerability in PerformancePoint Services can be exploited remotely via specially crafted document to execute arbitrary code.
  13. A cross-site-scripting (XSS) vulnerability in Microsoft SharePoint Server can be exploited remotely via special crafted web to spoof user interface.
  14. A remote code execution vulnerability in Microsoft Outlook can be exploited to execute arbitrary code.
  15. An elevation of privilege vulnerability in Microsoft OneDrive can be exploited remotely via specially crafted application to gain privileges.
  16. A cross-site-scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  17. An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
  18. A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
  19. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
  20. An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2020-1147
    high
  • CVE-2020-1409
    critical
  • CVE-2020-1448
    high
  • CVE-2020-1449
    critical
  • CVE-2020-1454
    warning
  • CVE-2020-1458
    critical
  • CVE-2020-1456
    warning
  • CVE-2020-1442
    warning
  • CVE-2020-1443
    warning
  • CVE-2020-1444
    warning
  • CVE-2020-1445
    warning
  • CVE-2020-1446
    high
  • CVE-2020-1447
    high
  • CVE-2020-1439
    high
  • CVE-2020-1451
    warning
  • CVE-2020-1349
    high
  • CVE-2020-1465
    high
  • CVE-2020-1450
    warning
  • CVE-2020-1342
    warning
  • CVE-2020-1240
    critical
  • CVE-2020-1025
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.