Multiple vulnerabilities in Microsoft Office

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface.

Below is a complete list of vulnerabilities:

1. An improper validating of input before loading DLL (dynamic link library) files can be exploited remotely by convincing a user to open a specially designed office document to execute arbitrary code;
2. An improper parsing of email messages can be exploited remotely by sending a specially designed email message and convincing a user to open it to execute arbitrary code;
3. An incorrect handling of parsing of file formats can be exploited remotely by convincing a user to open a specially designed file to bypass security restrictions;
4. Multiple vulnerabities related to an improper handling of objects in memory can be exploited remotely by sending a specially designed file via email and convincing a user to open it or by hosting a website which contains a malicious file and convince a user to open website to execute arbitrary code;
5. An incorrect validation and sanitizing of html input in Microsoft Outlook for Mac can be exploited remotely via a specially designed email with specific HTML tags to spoof user interface and show a malicious authentication prompt.

Первичный источник обнаружения

• ADV170008
  CVE-2017-8513
  CVE-2017-8512
  CVE-2017-8511
  CVE-2017-8510
  CVE-2017-8506
  CVE-2017-8507
  CVE-2017-8508
  CVE-2017-8545
  CVE-2017-8509
  CVE-2017-0284
  CVE-2017-8528
  CVE-2017-0292
  CVE-2017-0285
  CVE-2017-8534
  CVE-2017-0283
  CVE-2017-8550
  CVE-2017-0282
  CVE-2017-0260
  CVE-2017-8509
  CVE-2017-0286
  CVE-2017-0287
  CVE-2017-0288
  CVE-2017-0289
  CVE-2017-8527
  CVE-2017-8531
  CVE-2017-8532
  CVE-2017-8533
  CVE-2017-8506
  CVE-2017-8507
  CVE-2017-8508
  CVE-2017-8510
  CVE-2017-8511
  CVE-2017-8512
  CVE-2017-8513
  CVE-2017-8545
  CVE-2017-8551
  CVE-2017-8514
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats
• Microsoft-Office-PowerPoint
• Microsoft-Office
• Microsoft-Outlook
• Microsoft-Word
• Microsoft-Sharepoint-Server

Список CVE

• CVE-2017-0284
  warning
• CVE-2017-8528
  critical
• CVE-2017-0292
  critical
• CVE-2017-0285
  warning
• CVE-2017-8534
  warning
• CVE-2017-0283
  critical
• CVE-2017-8550
  warning
• CVE-2017-0282
  warning
• CVE-2017-0260
  critical
• CVE-2017-8509
  critical
• CVE-2017-0286
  warning
• CVE-2017-0287
  warning
• CVE-2017-0288
  warning
• CVE-2017-0289
  warning
• CVE-2017-8527
  critical
• CVE-2017-8531
  warning
• CVE-2017-8532
  warning
• CVE-2017-8533
  warning
• CVE-2017-8506
  critical
• CVE-2017-8507
  critical
• CVE-2017-8508
  warning
• CVE-2017-8510
  critical
• CVE-2017-8511
  critical
• CVE-2017-8512
  critical
• CVE-2017-8513
  critical
• CVE-2017-8545
  warning
• CVE-2017-8551
  warning
• CVE-2017-8514
  warning

Список KB

• 3203391
• 3203393
• 3191882
• 3203427
• 4020732
• 4020733
• 4020735
• 4020736
• 3178667
• 3203432
• 3203484
• 3203485
• 4020734
• 3191837
• 3162051
• 3203438
• 3191939
• 3203430
• 3203436
• 3203386
• 3203382
• 3212223
• 3203458
• 3118389
• 3191848
• 3191943
• 3191945
• 3191944
• 3191828
• 3203441
• 3191844
• 3203466
• 3203464
• 3203463
• 3203460
• 3191908
• 3203390
• 3203392
• 3172445
• 3191932
• 3191938
• 3127888
• 3203384
• 3203383
• 3191898
• 3127894
• 3118304
• 3203467
• 3203461
• 3203387
• 3213537
• 3203399

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com