Multiple vulnerabilities in Microsoft Office

Описание

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. A security feature bypass vulnerability in Microsoft Office can be exploited remotely via specially crafted file to bypass security restrictions.
2. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted website to spoof user interface.
3. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
4. An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to gain privileges.
5. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
6. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
7. An information disclosure vulnerability in Microsoft Excel can be exploited remotely via specially designed document to bypass security restrictions.
8. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
9. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.
10. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
11. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via specially crafted file to execute arbitrary code.

Первичный источник обнаружения

• CVE-2019-0540
  CVE-2019-0670
  CVE-2019-0675
  CVE-2019-0668
  CVE-2019-0673
  CVE-2019-0604
  CVE-2019-0669
  CVE-2019-0672
  CVE-2019-0674
  CVE-2019-0594
  CVE-2019-0671
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Office-Professional-Plus-2010
• Microsoft-Office
• Microsoft-Excel
• Microsoft-Sharepoint-Server

Список CVE

• CVE-2019-0540
  high
• CVE-2019-0670
  high
• CVE-2019-0675
  critical
• CVE-2019-0668
  critical
• CVE-2019-0673
  critical
• CVE-2019-0604
  critical
• CVE-2019-0669
  high
• CVE-2019-0672
  critical
• CVE-2019-0674
  critical
• CVE-2019-0594
  critical
• CVE-2019-0671
  critical

Список KB

• 4018313
• 4018300
• 4018294
• 4462174
• 4092465
• 4462138
• 4462146
• 4462154
• 4462143
• 4462139
• 4462155
• 4462171
• 4461630
• 4462115
• 4462177
• 4461597
• 4461608
• 4462186
• 4461607
• 4462199
• 4462184
• 4462202
• 4462211

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com