Multiple vulnerabilities in Microsoft Office

説明

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
2. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
3. An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
4. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
5. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
6. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
7. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
8. An elevation of privilege vulnerability in OneDrive for Windows can be exploited remotely via specially crafted application to gain privileges.
9. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
10. An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
11. A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
12. A tampering vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
13. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely via specially crafted page to execute arbitrary code.

オリジナルアドバイザリー

• CVE-2020-1452

• CVE-2020-1345
• CVE-2020-1224
• CVE-2020-1227
• CVE-2020-1200
• CVE-2020-1595
• CVE-2020-1205
• CVE-2020-1453
• CVE-2020-1575
• CVE-2020-1576
• CVE-2020-16851
• CVE-2020-1193
• CVE-2020-16852
• CVE-2020-1514
• CVE-2020-1594
• CVE-2020-16855
• CVE-2020-1198
• CVE-2020-1482
• CVE-2020-16853
• CVE-2020-1210
• CVE-2020-1338
• CVE-2020-1440
• CVE-2020-1218
• CVE-2020-1335
• CVE-2020-1332
• CVE-2020-1460
• CVE-2020-1523

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

• Microsoft-Office
• Microsoft-Excel
• Microsoft-Word
• Microsoft-Windows

CVEリスト

• CVE-2020-1452
  critical
• CVE-2020-1345
  high
• CVE-2020-1224
  high
• CVE-2020-1227
  high
• CVE-2020-1200
  critical
• CVE-2020-1595
  critical
• CVE-2020-1205
  warning
• CVE-2020-1453
  critical
• CVE-2020-1575
  high
• CVE-2020-1576
  critical
• CVE-2020-16851
  high
• CVE-2020-1193
  critical
• CVE-2020-16852
  high
• CVE-2020-1514
  high
• CVE-2020-1594
  critical
• CVE-2020-16855
  high
• CVE-2020-1198
  high
• CVE-2020-1482
  high
• CVE-2020-16853
  high
• CVE-2020-1210
  critical
• CVE-2020-1338
  critical
• CVE-2020-1440
  high
• CVE-2020-1218
  critical
• CVE-2020-1335
  critical
• CVE-2020-1332
  critical
• CVE-2020-1460
  critical
• CVE-2020-1523
  critical

KBリスト

• 4484533
• 4484503
• 4486660
• 4486667
• 4484515
• 4484530
• 4484512
• 4484506
• 4484469
• 4486665
• 4484504
• 4486661
• 4484522
• 4484526
• 4484510
• 4484518
• 4484528
• 4484480
• 3101523
• 4484513
• 4484517
• 4486664
• 4484525
• 4484514
• 4484505
• 4484516
• 4484507
• 4484488
• 4484466
• 4484532

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com