Kaspersky Threats

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, perform cross-site scripting attack, gain privileges.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Word can be exploited remotely via special crafted file to execute arbitrary code.
A remote code execution vulnerability in Microsoft Project can be exploited remotely via specially crafted file to execute arbitrary code.
A remote code execution vulnerability in .NET Framework, SharePoint Server, and Visual Studio can be exploited remotely via specially crafted document to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
A cross-site-scripting (XSS) vulnerability in Office Web Apps can be exploited remotely via specially crafted request to spoof user interface.
A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted email to execute arbitrary code.
An information disclosure vulnerability in Microsoft Office can be exploited to obtain sensitive information.
A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
A remote code execution vulnerability in PerformancePoint Services can be exploited remotely via specially crafted document to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability in Microsoft SharePoint Server can be exploited remotely via special crafted web to spoof user interface.
A remote code execution vulnerability in Microsoft Outlook can be exploited to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft OneDrive can be exploited remotely via specially crafted application to gain privileges.
A cross-site-scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

CVE list

CVE-2020-1147
high
CVE-2020-1409
critical
CVE-2020-1448
high
CVE-2020-1449
critical
CVE-2020-1454
warning
CVE-2020-1458
critical
CVE-2020-1456
warning
CVE-2020-1442
warning
CVE-2020-1443
warning
CVE-2020-1444
warning
CVE-2020-1445
warning
CVE-2020-1446
high
CVE-2020-1447
high
CVE-2020-1439
high
CVE-2020-1451
warning
CVE-2020-1349
high
CVE-2020-1465
high
CVE-2020-1450
warning
CVE-2020-1342
warning
CVE-2020-1240
critical
CVE-2020-1025
critical

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft Office