Description
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Skype for Business and Lync can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Skype for Business and Lync can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Office can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Jet Red Database Engine and Access Connectivity Engine can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Microsoft SharePoint can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office Graphics can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in Microsoft SharePoint Server can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Microsoft SharePoint can be exploited remotely to obtain sensitive information.
Original advisories
- CVE-2021-26421
- CVE-2021-26422
- CVE-2021-31178
- CVE-2021-28455
- CVE-2021-26418
- CVE-2021-31179
- CVE-2021-31180
- CVE-2021-28478
- CVE-2021-28474
- CVE-2021-31172
- CVE-2021-31177
- CVE-2021-31173
- CVE-2021-31176
- CVE-2021-31174
- CVE-2021-31175
- CVE-2021-31171
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Lync
- Microsoft-Office
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Lync-Server
- Microsoft-Windows-10
CVE list
- CVE-2021-28455 critical
- CVE-2021-31181 critical
- CVE-2021-26421 high
- CVE-2021-26422 high
- CVE-2021-31178 high
- CVE-2021-26418 warning
- CVE-2021-31179 critical
- CVE-2021-31180 critical
- CVE-2021-28478 critical
- CVE-2021-28474 critical
- CVE-2021-31172 high
- CVE-2021-31177 critical
- CVE-2021-31173 high
- CVE-2021-31176 critical
- CVE-2021-31174 high
- CVE-2021-31175 critical
- CVE-2021-31171 warning
KB list
- 5001914
- 5001931
- 5001919
- 5001917
- 4493197
- 5003729
- 4464542
- 5001920
- 5001927
- 5001923
- 4493206
- 5001918
- 5001916
- 5001928
- 5001936
- 5001925
- 5001935
- 4504711
- 4484527
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!