Kaspersky Threats

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges.

Below is a complete list of vulnerabilities:

An improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed Microsoft Office file sent by an email or hosted on a website to execute arbitrary code;
An improper sanitizing of requests in Microsoft Sharepoint Server can be exploited remotely via a specially designed request to gain privileges;
Multiple unknown vulnerabilities can be exploited remotely via a file containing a malformed graphics image, by inserting a specially designed graphics image into document, by sending a malformed file via email or by posting a specially designed file on the website to execute arbitrary code;
Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed file sent by an email or hosted on a website to execute arbitrary code;

Technical details

To exploit all vulnerabilities, an attacker should convince a user to open a malicious file.

Первичный источник обнаружения

CVE-2017-0261
CVE-2017-0262
CVE-2017-0265
CVE-2017-0264
CVE-2017-0281
CVE-2017-0254
CVE-2017-0255
CVE-2017-0281
CVE-2017-0265
CVE-2017-0264
CVE-2017-0262
CVE-2017-0261
CVE-2017-0255
CVE-2017-0254

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

CVE-2017-0281
critical
CVE-2017-0265
critical
CVE-2017-0264
critical
CVE-2017-0262
critical
CVE-2017-0261
critical
CVE-2017-0255
warning
CVE-2017-0254
critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!