Описание
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-1259.
- An elevation of privilege vulnerability exists in Microsoft SharePoint, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.
- A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.
- A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’.
- A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
- A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka ‘Microsoft Office Security Feature Bypass Vulnerability’.
- A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
- An information disclosure vulnerability exists in Lync 2013, aka ‘Lync 2013 Information Disclosure Vulnerability’.
- An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka ‘Microsoft Excel Information Disclosure Vulnerability’.
- A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka ‘Microsoft SharePoint Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-1261.
- A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’.
- A remote code execution vulnerability in Jet Database Engine can be exploited remotely to execute arbitrary code.
Первичный источник обнаружения
- CVE-2019-1261
CVE-2019-1260
CVE-2019-1257
CVE-2019-1262
CVE-2019-1295
CVE-2019-1264
CVE-2019-1296
CVE-2019-1209
CVE-2019-1263
CVE-2019-1259
CVE-2019-1297
CVE-2019-1246
Эксплуатация
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
Список CVE
- CVE-2019-1261 critical
- CVE-2019-1260 high
- CVE-2019-1257 critical
- CVE-2019-1262 high
- CVE-2019-1246 critical
- CVE-2019-1295 critical
- CVE-2019-1264 critical
- CVE-2019-1296 critical
- CVE-2019-1209 high
- CVE-2019-1263 high
- CVE-2019-1259 critical
- CVE-2019-1297 critical
Список KB
- 4484098
- 4475590
- 4475596
- 4475594
- 4464557
- 4484099
- 4475605
- 4475599
- 4475591
- 4475611
- 4461631
- 4464548
- 4464566
- 4475583
- 4475589
- 4475607
- 4515509
- 4475566
- 4475579
- 4475574
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!