Description
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
- A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
- An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
- A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
- An elevation of privilege vulnerability in OneDrive for Windows can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
- A tampering vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely via specially crafted page to execute arbitrary code.
Original advisories
- CVE-2020-1345
- CVE-2020-1224
- CVE-2020-1227
- CVE-2020-1200
- CVE-2020-1595
- CVE-2020-1205
- CVE-2020-1453
- CVE-2020-1575
- CVE-2020-1576
- CVE-2020-16851
- CVE-2020-1193
- CVE-2020-16852
- CVE-2020-1514
- CVE-2020-1594
- CVE-2020-16855
- CVE-2020-1198
- CVE-2020-1482
- CVE-2020-16853
- CVE-2020-1210
- CVE-2020-1338
- CVE-2020-1440
- CVE-2020-1218
- CVE-2020-1335
- CVE-2020-1332
- CVE-2020-1460
- CVE-2020-1523
Related products
CVE list
- CVE-2020-1452 critical
- CVE-2020-1345 high
- CVE-2020-1224 high
- CVE-2020-1227 high
- CVE-2020-1200 critical
- CVE-2020-1595 critical
- CVE-2020-1205 warning
- CVE-2020-1453 critical
- CVE-2020-1575 high
- CVE-2020-1576 critical
- CVE-2020-16851 high
- CVE-2020-1193 critical
- CVE-2020-16852 high
- CVE-2020-1514 high
- CVE-2020-1594 critical
- CVE-2020-16855 high
- CVE-2020-1198 high
- CVE-2020-1482 high
- CVE-2020-16853 high
- CVE-2020-1210 critical
- CVE-2020-1338 critical
- CVE-2020-1440 high
- CVE-2020-1218 critical
- CVE-2020-1335 critical
- CVE-2020-1332 critical
- CVE-2020-1460 critical
- CVE-2020-1523 critical
KB list
- 4484533
- 4484503
- 4486660
- 4486667
- 4484515
- 4484530
- 4484512
- 4484506
- 4484469
- 4486665
- 4484504
- 4486661
- 4484522
- 4484526
- 4484510
- 4484518
- 4484528
- 4484480
- 3101523
- 4484513
- 4484517
- 4486664
- 4484525
- 4484514
- 4484505
- 4484516
- 4484507
- 4484488
- 4484466
- 4484532
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!