Multiple vulnerabilities in Microsoft Office

Описание

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
2. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
3. An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
4. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to execute arbitrary code.
5. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
6. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web request to spoof user interface.
7. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
8. An elevation of privilege vulnerability in OneDrive for Windows can be exploited remotely via specially crafted application to gain privileges.
9. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.
10. An information disclosure vulnerability in Microsoft Office can be exploited remotely via specially crafted file to obtain sensitive information.
11. A remote code execution vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code.
12. A tampering vulnerability in Microsoft SharePoint Server can be exploited remotely to spoof user interface.
13. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely via specially crafted page to execute arbitrary code.

Первичный источник обнаружения

• CVE-2020-1452
  CVE-2020-1345
  CVE-2020-1224
  CVE-2020-1227
  CVE-2020-1200
  CVE-2020-1595
  CVE-2020-1205
  CVE-2020-1453
  CVE-2020-1575
  CVE-2020-1576
  CVE-2020-16851
  CVE-2020-1193
  CVE-2020-16852
  CVE-2020-1514
  CVE-2020-1594
  CVE-2020-16855
  CVE-2020-1198
  CVE-2020-1482
  CVE-2020-16853
  CVE-2020-1210
  CVE-2020-1338
  CVE-2020-1440
  CVE-2020-1218
  CVE-2020-1335
  CVE-2020-1332
  CVE-2020-1460
  CVE-2020-1523
  

Связанные продукты

• Microsoft-Office
• Microsoft-Excel
• Microsoft-Word
• Microsoft-Windows

Список CVE

• CVE-2020-1452
  critical
• CVE-2020-1345
  high
• CVE-2020-1224
  high
• CVE-2020-1227
  high
• CVE-2020-1200
  critical
• CVE-2020-1595
  critical
• CVE-2020-1205
  warning
• CVE-2020-1453
  critical
• CVE-2020-1575
  high
• CVE-2020-1576
  critical
• CVE-2020-16851
  high
• CVE-2020-1193
  critical
• CVE-2020-16852
  high
• CVE-2020-1514
  high
• CVE-2020-1594
  critical
• CVE-2020-16855
  high
• CVE-2020-1198
  high
• CVE-2020-1482
  high
• CVE-2020-16853
  high
• CVE-2020-1210
  critical
• CVE-2020-1338
  critical
• CVE-2020-1440
  high
• CVE-2020-1218
  critical
• CVE-2020-1335
  critical
• CVE-2020-1332
  critical
• CVE-2020-1460
  critical
• CVE-2020-1523
  critical

Список KB

• 4484533
• 4484503
• 4486660
• 4486667
• 4484515
• 4484530
• 4484512
• 4484506
• 4484469
• 4486665
• 4484504
• 4486661
• 4484522
• 4484526
• 4484510
• 4484518
• 4484528
• 4484480
• 3101523
• 4484513
• 4484517
• 4486664
• 4484525
• 4484514
• 4484505
• 4484516
• 4484507
• 4484488
• 4484466
• 4484532

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com