Kaspersky Threats

Дата обнаружения

10/03/2020

Уровень угрозы

Critical

Описание

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.

Пораженные продукты

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Office 365 ProPlus for 32-bit Systems
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft SharePoint Server 2019
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Online Server
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2019 for Mac
Microsoft Word 2013 RT Service Pack 1