Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Vulnerabilities

Multiple vulnerabilities in Microsoft Office

Kaspersky ID:
KLA78976
Detect Date:
01/14/2025
Updated:
02/13/2025

Description

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft Office Visio can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability in Microsoft Excel can be exploited remotely to bypass security restrictions.
  5. A remote code execution vulnerability in Microsoft Office OneNote can be exploited remotely to execute arbitrary code.
  6. A spoofing vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
  7. A security feature bypass vulnerability in Microsoft Office can be exploited remotely to bypass security restrictions.
  8. A remote code execution vulnerability in Microsoft Access can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Microsoft AutoUpdate (MAU) can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Microsoft Outlook can be exploited remotely to execute arbitrary code.
  11. A remote code execution vulnerability in GDI+ can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Microsoft Office can be exploited remotely to execute arbitrary code.
  13. A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute arbitrary code.

Original advisories

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2025-21338
    critical
  • CVE-2025-21354
    critical
  • CVE-2025-21356
    critical
  • CVE-2025-21345
    critical
  • CVE-2025-21344
    critical
  • CVE-2025-21364
    critical
  • CVE-2025-21402
    critical
  • CVE-2025-21393
    high
  • CVE-2025-21348
    high
  • CVE-2025-21346
    critical
  • CVE-2025-21362
    critical
  • CVE-2025-21395
    critical
  • CVE-2025-21360
    critical
  • CVE-2025-21361
    critical
  • CVE-2025-21357
    high
  • CVE-2025-21366
    critical
  • CVE-2025-21365
    critical
  • CVE-2025-21363
    critical
  • CVE-2025-21186
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
21 February 2025
Securelist
Angry Likho: Old beasts in a new forest
20 February 2025
Securelist
Managed detection and response in 2024
19 February 2025
Securelist
Spam and phishing in 2024
18 February 2025
Securelist
StaryDobry ruins New Year’s Eve, delivering miner instead of presents
05 February 2025
Securelist
Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024
05 February 2025
Securelist
Take my money: OCR crypto stealers in Google Play and App Store
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Kaspersky ID
Vulnerability
Detect date
Severity
Confirm changes?
Your message has been sent successfully.