Описание
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited locally via a specially designed file to execute arbitrary code;
- An incorrect handling of objects in memory in Microsoft Graphics Component can be exploited remotely via a specially designed website to execute arbitrary code;
- An improper handling of embedded fonts in Win32k Graphics can be exploited remotely via a specially designed website to execute arbitrary code;
- Multiple vulnerabilities related to an incorrect handling of web requests in Microsoft SharePoint can be exploited remotely by sending a specially designed request to an affected server to gain privileges;
- An improper handing of objects in memory in Windows Graphics Device Interface (GDI) can be exploited locally by running a specially designed application on affected system to obtain sensitive information;
- An improper disclosure of content in memory in Windows Uniscribe can be exploited to obtain sensitive information.
Technical details
NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative.
Первичный источник обнаружения
- ADV170015
CVE-2017-8567
CVE-2017-8632
CVE-2017-8630
CVE-2017-8631
CVE-2017-8682
CVE-2017-8744
CVE-2017-8745
CVE-2017-8742
CVE-2017-8695
CVE-2017-8696
CVE-2017-8629
CVE-2017-8725
CVE-2017-8676
CVE-2017-8743
CVE-2017-8676
CVE-2017-8682
CVE-2017-8695
CVE-2017-8696
CVE-2017-8745
CVE-2017-8744
CVE-2017-8743
CVE-2017-8742
CVE-2017-8725
CVE-2017-8632
CVE-2017-8631
CVE-2017-8630
CVE-2017-8629
CVE-2017-8567
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Office-Live-Meeting-2007
- Microsoft-Lync
- Microsoft-Office-PowerPoint
- Microsoft-Office
- Microsoft-Outlook
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Sharepoint-Server
Список CVE
- CVE-2017-8676 warning
- CVE-2017-8682 critical
- CVE-2017-8695 warning
- CVE-2017-8696 critical
- CVE-2017-8745 warning
- CVE-2017-8744 critical
- CVE-2017-8743 critical
- CVE-2017-8742 critical
- CVE-2017-8725 critical
- CVE-2017-8632 critical
- CVE-2017-8631 critical
- CVE-2017-8630 critical
- CVE-2017-8629 warning
- CVE-2017-8567 critical
Список KB
- 3213649
- 3213644
- 3213646
- 3213641
- 3213642
- 3213560
- 4025867
- 3213562
- 3213564
- 3191831
- 4011117
- 3128030
- 4025868
- 3213631
- 4025865
- 4025866
- 4011113
- 3213638
- 4011069
- 3141537
- 4011041
- 4011040
- 4011065
- 4011064
- 4011089
- 4011062
- 4011061
- 4011134
- 3213658
- 3213626
- 3203474
- 3213551
- 3212225
- 4011056
- 4011055
- 4011050
- 4011038
- 4011063
- 4011107
- 3128027
- 4025869
- 4011090
- 4011091
- 3114428
- 4011103
- 4011126
- 4011127
- 3213632
- 4011108
- 4011125
- 4011110
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!