Kaspersky ID:
KLA11864
Дата обнаружения:
14/07/2020
Обновлено:
22/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, perform cross-site scripting attack, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Word can be exploited remotely via special crafted file to execute arbitrary code.
  2. A remote code execution vulnerability in Microsoft Project can be exploited remotely via specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in .NET Framework, SharePoint Server, and Visual Studio can be exploited remotely via specially crafted document to execute arbitrary code.
  4. A cross-site-scripting (XSS) vulnerability Microsoft SharePoint Reflective can be exploited remotely via specially crafted request to spoof user interface.
  5. A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
  6. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  7. A cross-site-scripting (XSS) vulnerability in Office Web Apps can be exploited remotely via specially crafted request to spoof user interface.
  8. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  9. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted email to execute arbitrary code.
  10. An information disclosure vulnerability in Microsoft Office can be exploited to obtain sensitive information.
  11. A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
  12. A remote code execution vulnerability in PerformancePoint Services can be exploited remotely via specially crafted document to execute arbitrary code.
  13. A cross-site-scripting (XSS) vulnerability in Microsoft SharePoint Server can be exploited remotely via special crafted web to spoof user interface.
  14. A remote code execution vulnerability in Microsoft Outlook can be exploited to execute arbitrary code.
  15. An elevation of privilege vulnerability in Microsoft OneDrive can be exploited remotely via specially crafted application to gain privileges.
  16. A cross-site-scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  17. An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
  18. A remote code execution vulnerability in DirectWrite can be exploited remotely via specially crafted document to execute arbitrary code.
  19. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
  20. An elevation of privilege vulnerability in Microsoft Office can be exploited remotely to gain privileges.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2020-1147
    high
  • CVE-2020-1409
    critical
  • CVE-2020-1448
    high
  • CVE-2020-1449
    critical
  • CVE-2020-1454
    warning
  • CVE-2020-1458
    critical
  • CVE-2020-1456
    warning
  • CVE-2020-1442
    warning
  • CVE-2020-1443
    warning
  • CVE-2020-1444
    warning
  • CVE-2020-1445
    warning
  • CVE-2020-1446
    high
  • CVE-2020-1447
    high
  • CVE-2020-1439
    high
  • CVE-2020-1451
    warning
  • CVE-2020-1349
    high
  • CVE-2020-1465
    high
  • CVE-2020-1450
    warning
  • CVE-2020-1342
    warning
  • CVE-2020-1240
    critical
  • CVE-2020-1025
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.