KLA11049
Multiple vulnerabilities in Microsoft Office

Updated: 18/06/2020
Date of detection
13/06/2017
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Improper validation of input before loading DLL (dynamic link library) files can be exploited remotely to execute arbitrary code by convincing a user to open a specially crafted Office document;
  2. Improper parsing of email messages can be exploited remotely to execute arbitrary code by sending a specially crafted email message and convincing a user to open it;
  3. Incorrect handling of file format parsing can be exploited remotely to bypass security restrictions by convincing a user to open a specially crafted file;
  4. Multiple vulnerabilities related to improper handling of objects in memory can be exploited remotely to execute arbitrary code, either by sending a specially crafted file via email and convincing a user to open it, or by hosting a website that contains a malicious file and convincing a user to open the website;
  5. Incorrect validation and sanitization of HTML input in Microsoft Outlook for Mac can be exploited remotely via a specially crafted email with specific HTML tags to spoof the user interface and show a malicious authentication prompt.
Affected products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint 2007 Service Pack 3
Microsoft OneNote 2010 Service Pack 2 
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1
Microsoft Outlook 2016
Microsoft SharePoint Server 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1
Microsoft Word 2016
Microsoft Word for Mac 2011
Microsoft Word 2016 for Mac

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary source of detection
ADV170008
CVE-2017-8513
CVE-2017-8512
CVE-2017-8511
CVE-2017-8510
CVE-2017-8506
CVE-2017-8507
CVE-2017-8508
CVE-2017-8545
CVE-2017-8509
CVE-2017-0284
CVE-2017-8528
CVE-2017-0292
CVE-2017-0285
CVE-2017-8534
CVE-2017-0283
CVE-2017-8550
CVE-2017-0282
CVE-2017-0260
CVE-2017-0286
CVE-2017-0287
CVE-2017-0288
CVE-2017-0289
CVE-2017-8527
CVE-2017-8531
CVE-2017-8532
CVE-2017-8533
CVE-2017-8551
CVE-2017-8514
Impact
ACE
OSI
DoS
SB
PE
SUI
Related products
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office PowerPoint
Microsoft Office
Microsoft Outlook
Microsoft Word
Microsoft SharePoint Server
CVE-IDS
CVE-2017-0284    1.9    Warning
CVE-2017-8528    9.3    Critical
CVE-2017-0292    9.3    Critical
CVE-2017-0285    1.9    Warning
CVE-2017-8534    4.3    Warning
CVE-2017-0283    9.3    Critical
CVE-2017-8550    4.3    Warning
CVE-2017-0282    1.9    Warning
CVE-2017-0260    9.3    Critical
CVE-2017-8509    9.3    Critical
CVE-2017-0286    1.9    Warning
CVE-2017-0287    1.9    Warning
CVE-2017-0288    1.9    Warning
CVE-2017-0289    1.9    Warning
CVE-2017-8527    9.3    Critical
CVE-2017-8531    4.3    Warning
CVE-2017-8532    4.3    Warning
CVE-2017-8533    4.3    Warning
CVE-2017-8506    9.3    Critical
CVE-2017-8507    9.3    Critical
CVE-2017-8508    4.3    Warning
CVE-2017-8510    9.3    Critical
CVE-2017-8511    9.3    Critical
CVE-2017-8512    9.3    Critical
CVE-2017-8513    9.3    Critical
CVE-2017-8545    4.3    Warning
CVE-2017-8551    4.3    Warning
CVE-2017-8514    3.5    Warning