Описание
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information perform cross-site scripting and privilege escalations Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited locally via a specially designed file to execute arbitrary code;
- Multiple vulnerabilities in Microsoft SharePoint can be exploited remotely via specially designed web request to perform cross-site scripting;
- A vulnerability in Microsoft Outlook can be exploited via specially crafted document file to execute arbitrary code;
- A vulnerability in Microsoft Outlook can be exploited remotely to obtain sensitive information;
- A vulnerability in Skype for Business can be exploited remotely via specially designed authentication request to cause privilage escalation.
Technical details
NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative. NB: At this moment VENDOR has just reserved CVE numbers for these vulnerabilities. Information can be changed soon.
Первичный источник обнаружения
- ADV170017
CVE-2017-11776
CVE-2017-11777
CVE-2017-11774
CVE-2017-11775
CVE-2017-11786
CVE-2017-11820
CVE-2017-11826
CVE-2017-11825
CVE-2017-11775
CVE-2017-11776
CVE-2017-11777
CVE-2017-11786
CVE-2017-11820
CVE-2017-11825
CVE-2017-11826
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Access
- Microsoft-Lync
- Microsoft-Office-Access
- Microsoft-Office-PowerPoint
- Microsoft-Office-Visio
- Microsoft-Office
- Microsoft-Outlook
- Microsoft-Excel
- Microsoft-Word
- Microsoft-Sharepoint-Server
Список CVE
- CVE-2017-11774 critical
- CVE-2017-11775 high
- CVE-2017-11776 critical
- CVE-2017-11777 high
- CVE-2017-11786 critical
- CVE-2017-11820 high
- CVE-2017-11825 critical
- CVE-2017-11826 critical
Список KB
- 3213623
- 3213630
- 3213647
- 3213648
- 3213659
- 4011068
- 4011159
- 4011162
- 4011170
- 4011178
- 4011179
- 4011180
- 4011194
- 4011196
- 4011217
- 4011222
- 4011231
- 4011232
- 4011236
- 3213627
- 4022208
- 4022206
- 4022172
- 4022176
- 4022188
- 4022189
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com