Kaspersky ID:
KLA11069
Дата обнаружения:
11/07/2017
Обновлено:
04/08/2024

Описание

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Office can be exploited via a specially designed file to execute arbitrary code;
  2. Multiple vulnerabilities related to incorrect handling of web requests in Microsoft Exchange Outlook Web Access can be exploited by sending a specially designed email message containing a malicious link to a user to execute arbitrary code;
  3. An improper sanitization of web requests in Microsoft SharePoint Server can be exploited via a specially designed web request to gain privileges;
  4. An open redirect vulnerability in Microsoft Exchange can be exploited by sending a link that has a specially designed URL and convincing a user to open it to spoof user interface.

Первичный источник обнаружения

Эксплуатация

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-8570/

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2017-0243
    critical
  • CVE-2017-8501
    critical
  • CVE-2017-8502
    critical
  • CVE-2017-8570
    critical
  • CVE-2017-8569
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.