CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information.
Below is a complete list of vulnerabilities:
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2018-0802/
Public exploits exist for this vulnerability.
CVE-2018-0789 critical
CVE-2018-0790 critical
CVE-2018-0793 critical
CVE-2018-0791 critical
CVE-2018-0792 critical
CVE-2018-0794 critical
CVE-2018-0795 critical
CVE-2018-0796 critical
CVE-2018-0797 critical
CVE-2018-0798 critical
CVE-2018-0799 high
CVE-2018-0801 critical
CVE-2018-0802 critical
CVE-2018-0804 critical
CVE-2018-0805 critical
CVE-2018-0806 critical
CVE-2018-0807 critical
CVE-2018-0812 critical
CVE-2018-0819 high
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/3114998
support.microsoft.com/kb/3141547
support.microsoft.com/kb/4011201
support.microsoft.com/kb/4011213
support.microsoft.com/kb/4011273
support.microsoft.com/kb/4011574
support.microsoft.com/kb/4011579
support.microsoft.com/kb/4011580
support.microsoft.com/kb/4011599
support.microsoft.com/kb/4011602
support.microsoft.com/kb/4011605
support.microsoft.com/kb/4011606
support.microsoft.com/kb/4011607
support.microsoft.com/kb/4011609
support.microsoft.com/kb/4011610
support.microsoft.com/kb/4011611
support.microsoft.com/kb/4011615
support.microsoft.com/kb/4011622
support.microsoft.com/kb/4011626
support.microsoft.com/kb/4011627
support.microsoft.com/kb/4011632
support.microsoft.com/kb/4011636
support.microsoft.com/kb/4011637
support.microsoft.com/kb/4011639
support.microsoft.com/kb/4011641
support.microsoft.com/kb/4011642
support.microsoft.com/kb/4011643
support.microsoft.com/kb/4011648
support.microsoft.com/kb/4011651
support.microsoft.com/kb/4011653
support.microsoft.com/kb/4011656
support.microsoft.com/kb/4011657
support.microsoft.com/kb/4011658
support.microsoft.com/kb/4011659
support.microsoft.com/kb/4011660
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180003
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0792
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
threats.kaspersky.com/en/product/Microsoft-Word/
threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2018-0802/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%