KLA11287
Multiple vulnerabilities in Microsoft Office
Updated: 16/07/2019
Detection date
10/07/2018
Threat level
Warning
Description

Multiple serious vulnerabilities were found in Microsoft Office products. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, and perform cross-site scripting.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability in MS Outlook can be exploited remotely via a specially crafted email and attachment to embed untrusted TrueType fonts in the body of an email;
  2. A vulnerability in Microsoft Office products can be exploited remotely via a specially crafted document to execute arbitrary code;
  3. A vulnerability in Skype for Business and Microsoft Lync can be exploited remotely via specially crafted content to gain privileges and execute arbitrary code;
  4. A vulnerability in Microsoft Access can be exploited remotely via a specially crafted document to execute arbitrary code;
  5. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges;
  6. A vulnerability in Skype for Business and Lync can be exploited remotely via a specially crafted file to bypass security restrictions;
  7. A vulnerability in Microsoft SharePoint can be exploited remotely via a specially crafted SharePoint application package to execute arbitrary code;
  8. A vulnerability in Microsoft SharePoint Server can be exploited remotely via a specially crafted request to gain privileges and to perform cross-site scripting.

Affected products

Skype for Business 2016 (32-bit)
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (64-bit)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft PowerPoint Viewer
Microsoft Office Word Viewer
Microsoft Office 2016 for Mac
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Excel Viewer
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Access 2016 (32-bit edition)
Microsoft Access 2016 (64-bit edition)
Microsoft Access 2013 Service Pack 1 (32-bit editions)
Microsoft Access 2013 Service Pack 1 (64-bit editions)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
CVE-2018-8310
CVE-2018-8281
CVE-2018-8311
CVE-2018-8312
CVE-2018-8323
CVE-2018-8238
CVE-2018-8300
CVE-2018-8299
Impacts
ACE
SB
PE
Related products
Microsoft Office
CVE-IDS
CVE-2018-8310  7.5  Critical
CVE-2018-8281  7.8  Critical
CVE-2018-8311  8.8  Critical
CVE-2018-8312  7.8  Critical
CVE-2018-8323  5.4  High
CVE-2018-8238  7.8  Critical
CVE-2018-8300  7.8  Critical
CVE-2018-8299  5.4  High
Microsoft official advisories
Microsoft Security Update Guide
KB list

4022224
4022200
4022225
4032214
4022202
4011202
4018351
4022221
4022228
4022218
4022243
4018338
4022235