Описание
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information or execute arbitrary code.
Below is a complete list of vulnerabilities:
- An incorrect handling of requests in Microsoft SharePoint Server can be exploited remotely via a specially designed request to gain privileges;
- Multiple improper handling of objects in memory vulnerabilities in Microsoft Excel can be exploited locally via a specially designed document file to execute arbitrary code or obtain sensitive information;
- An incorrect handling of requests in Office Web Apps Server 2013 and Office Online Server can be exploited remotely via a specially designed request to gain privileges;
- An incorrect OLE objects instantiation in Microsoft Publisher can be exploited remotely via a specially designed request to gain privileges;
- An improper validation of attachment headers in Microsoft Outlook can be exploited remotely via a specially designed e-main message to gain privileges.
Первичный источник обнаружения
- ADV180015
CVE-2018-8254
CVE-2018-8248
CVE-2018-8246
CVE-2018-8252
CVE-2018-8247
CVE-2018-8245
CVE-2018-8244
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2018-8254 warning
- CVE-2018-8248 critical
- CVE-2018-8246 warning
- CVE-2018-8252 warning
- CVE-2018-8247 high
- CVE-2018-8245 high
- CVE-2018-8244 warning
Список KB
- 4022209
- 4022197
- 3115248
- 4022182
- 4022179
- 4022205
- 4022190
- 4022199
- 3115197
- 4022196
- 4022174
- 4022173
- 4022160
- 4022151
- 4011186
- 4011026
- 4018387
- 4022210
- 4022169
- 4022177
- 4018391
- 4022183
- 4022191
- 4022203
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!