説明
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Microsoft Office Click-to-Run can be exploited remotely via specially crafted file to gain privileges.
- A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
- An information disclosure vulnerability in Microsoft SharePoint can be exploited remotely to obtain sensitive information.
- A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
- A remote code execution vulnerability in Microsoft Outlook can be exploited remotely via specially crafted file to execute arbitrary code.
- A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
- An information disclosure vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted application to obtain sensitive information.
- A denial of service vulnerability in Microsoft Outlook can be exploited remotely via specially crafted email to cause denial of service.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted file to execute arbitrary code.
- A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
- A security feature bypass vulnerability in Microsoft Word can be exploited remotely via specially crafted file to bypass security restrictions.
- A remote code execution vulnerability in Base3D can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
オリジナルアドバイザリー
- CVE-2020-16929
- CVE-2020-16941
- CVE-2020-16946
- CVE-2020-16947
- CVE-2020-16944
- CVE-2020-16945
- CVE-2020-16948
- CVE-2020-16949
- CVE-2020-16942
- CVE-2020-16932
- CVE-2020-16952
- CVE-2020-16955
- CVE-2020-16954
- CVE-2020-16951
- CVE-2020-16950
- CVE-2020-16953
- CVE-2020-16934
- CVE-2020-16933
- CVE-2020-16918
- CVE-2020-16957
- CVE-2020-16930
- CVE-2020-16931
エクスプロイテーション
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
関連製品
CVEリスト
- CVE-2020-16918 critical
- CVE-2020-16928 critical
- CVE-2020-16929 critical
- CVE-2020-16941 high
- CVE-2020-16946 critical
- CVE-2020-16947 critical
- CVE-2020-16944 critical
- CVE-2020-16945 critical
- CVE-2020-16948 high
- CVE-2020-16949 critical
- CVE-2020-16942 warning
- CVE-2020-16932 critical
- CVE-2020-16952 critical
- CVE-2020-16955 critical
- CVE-2020-16954 critical
- CVE-2020-16951 critical
- CVE-2020-16950 high
- CVE-2020-16953 high
- CVE-2020-16934 critical
- CVE-2020-16933 critical
- CVE-2020-16957 critical
- CVE-2020-16930 critical
- CVE-2020-16931 critical
KBリスト
- 4486682
- 4486678
- 4484417
- 4486676
- 4486694
- 4486707
- 4486701
- 4486687
- 4486708
- 4486677
- 4486674
- 4486688
- 4484524
- 4486663
- 4486689
- 4484531
- 4486700
- 4486679
- 4486695
- 4486703
- 4484435
- 4486692
- 4462175
- 4486671
も参照してください
お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com
この脆弱性についての記述に不正確な点がありますか? お知らせください!