History: Jul 11, 2017 - 12:00 a.m.

KLA11069 Multiple vulnerabilities in Microsoft Office

2017-07-11 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSS3: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 9.1 (Confidence: High)

EPSS: 0.973 (Percentile: 99.9%)

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities related to improper handling of objects in memory in Microsoft Office can be exploited via a specially designed file to execute arbitrary code;
  2. Multiple vulnerabilities related to incorrect handling of web requests in Microsoft Exchange Outlook Web Access can be exploited to execute arbitrary code by sending a user a specially designed email message containing a malicious link;
  3. Improper sanitization of web requests in Microsoft SharePoint Server can be exploited via a specially designed web request to gain privileges;
  4. An open redirect vulnerability in Microsoft Exchange can be exploited to spoof the user interface by sending a link that has a specially designed URL and convincing a user to open it.

Original advisories

CVE-2017-0243

CVE-2017-8501

CVE-2017-8502

CVE-2017-8569

CVE-2017-8570

Exploitation

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2017-8570/

Public exploits exist for this vulnerability.

Related products

Microsoft-Office

Microsoft-Excel

Microsoft-Sharepoint-Server

Microsoft-Exchange-Server

CVE list

CVE-2017-0243 critical

CVE-2017-8501 critical

CVE-2017-8502 critical

CVE-2017-8570 critical

CVE-2017-8569 critical

KB list

3213537

2880514

3191833

3191894

3191897

3191902

3191907

3203459

3203468

3203469

3203477

3212224

3213544

3213545

3213555

3213559

3213624

3213640

3213657

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect behavior.

Affected Products

  • Microsoft Exchange Server 2016 Cumulative Update 5
  • Microsoft Business Productivity Servers 2010 Service Pack 2
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016
  • Microsoft Office Web Apps 2010 Service Pack 2
  • Microsoft Office 2016 for Mac
  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft Office for Mac 2011
  • Microsoft Office Online Server 2016
  • Microsoft Excel 2007 Service Pack 3
  • Microsoft Excel 2010 Service Pack 2
  • Microsoft Excel 2013 Service Pack 1
  • Microsoft Excel 2013 RT Service Pack 1
  • Microsoft Excel 2016
  • Microsoft Excel Viewer 2007 Service Pack 3
  • Microsoft SharePoint Enterprise Server 2013
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft Exchange Server 2010 Service Pack 3
  • Microsoft Exchange Server 2013 Cumulative Update 16
  • Microsoft Exchange Server 2013 Service Pack 1
