Описание
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Office can be exploited via a specially designed file to execute arbitrary code;
- Multiple vulnerabilities related to incorrect handling of web requests in Microsoft Exchange Outlook Web Access can be exploited by sending a specially designed email message containing a malicious link to a user to execute arbitrary code;
- An improper sanitization of web requests in Microsoft SharePoint Server can be exploited via a specially designed web request to gain privileges;
- An open redirect vulnerability in Microsoft Exchange can be exploited by sending a link that has a specially designed URL and convincing a user to open it to spoof user interface.
Первичный источник обнаружения
- CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8569
CVE-2017-8570
CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8570
Эксплуатация
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-8570/
Public exploits exist for this vulnerability.
Связанные продукты
Список CVE
- CVE-2017-0243 critical
- CVE-2017-8501 critical
- CVE-2017-8502 critical
- CVE-2017-8570 critical
- CVE-2017-8569 critical
Список KB
- 3213537
- 2880514
- 3191833
- 3191894
- 3191897
- 3191902
- 3191907
- 3203459
- 3203468
- 3203469
- 3203477
- 3212224
- 3213544
- 3213545
- 3213555
- 3213559
- 3213624
- 3213640
- 3213657
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!