KLA11010 Remote code execution and elevation of privilege vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges.

Below is a complete list of vulnerabilities:

1. An improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed Microsoft Office file sent by an email or hosted on a website to execute arbitrary code;
2. An improper sanitizing of requests in Microsoft Sharepoint Server can be exploited remotely via a specially designed request to gain privileges;
3. Multiple unknown vulnerabilities can be exploited remotely via a file containing a malformed graphics image, by inserting a specially designed graphics image into document, by sending a malformed file via email or by posting a specially designed file on the website to execute arbitrary code;
4. Multiple vulnerabilities related to an improper handling of objects in memory in Microsoft Office can be exploited remotely via a specially designed file sent by an email or hosted on a website to execute arbitrary code;

Technical details

To exploit all vulnerabilities, an attacker should convince a user to open a malicious file.

Original advisories

CVE-2017-0261

CVE-2017-0262

CVE-2017-0265

CVE-2017-0264

CVE-2017-0281

CVE-2017-0254

CVE-2017-0255

CVE-2017-0281

CVE-2017-0265

CVE-2017-0264

CVE-2017-0262

CVE-2017-0261

CVE-2017-0255

CVE-2017-0254

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats

Microsoft-Office

Microsoft-Word

Microsoft-Sharepoint-Server

CVE list

CVE-2017-0281 critical

CVE-2017-0265 critical

CVE-2017-0264 critical

CVE-2017-0262 critical

CVE-2017-0261 critical

CVE-2017-0255 warning

CVE-2017-0254 critical

KB list

3191841

3191835

3191904

3191888

3191909

3191880

3191836

3191843

3178729

3191865

3162040

3191839

3118310

3172458

3114375

3191895

2596904

3191899

3191885

3191863

3191881

3191890

3191913

3191858

3191914

3191915

3212221

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Office 2013 Service Pack 1Microsoft Office 2013 RT Service Pack 1Microsoft Office 2016Microsoft Office 2016 for MacMicrosoft Office Enterprise Server 2016Microsoft Word 2007 Service Pack 3Microsoft Word 2010 Service Pack 2Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1Microsoft PowerPoint for Mac 2011Microsoft Office Compatibility Pack Service Pack 3Microsoft Office Word ViewerSkype for Business 2016