Kaspersky LabKLA11170KLA11170 Multiple vulnerabilities in Microsoft Office
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information.
Below is a complete list of vulnerabilities:
- Elevation of privilege vulnerabilities in Microsoft SharePoint Server can be exploited remotely via specially crafted web request to gain privileges or obtain sensitive information;
- Improper email parsing vulnerabilities in Microsoft Outlook can be exploited remotely via specially crafted email messages to execute arbitrary code;
- Improper memory handling vulnerabilities in Microsoft Word can be exploited remotely to execute arbitrary code;
- Improper memory handling vulnerabilities in Microsoft Office software can be exploited remotely to execute arbitrary code;
- Improper memory handling vulnerabilities in Microsoft Excel can be exploited remotely to execute arbitrary code;
- A memory corruption vulnerability in Microsoft Word can be exploited remotely via specially crafted file to execute arbitrary code;
- A XSS vulnerability in Microsoft Access can be exploited remotely via specially crafted file to spoof user interface;
- A memory corruption vulnerability in Microsoft Office software can be exploited remotely via specially crafted file to execute arbitrary code;
- An email encoding handling vulnerability in Microsoft Outlook for MAC can be exploited remotely via specially crafted email attachment to spoof user interface.
Original advisories
Exploitation
This vulnerability can be exploited by the following malware:
https://threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2018-0802/
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2018-0789 critical
CVE-2018-0790 critical
CVE-2018-0793 critical
CVE-2018-0791 critical
CVE-2018-0792 critical
CVE-2018-0794 critical
CVE-2018-0795 critical
CVE-2018-0796 critical
CVE-2018-0797 critical
CVE-2018-0798 critical
CVE-2018-0799 high
CVE-2018-0801 critical
CVE-2018-0802 critical
CVE-2018-0804 critical
CVE-2018-0805 critical
CVE-2018-0806 critical
CVE-2018-0807 critical
CVE-2018-0812 critical
CVE-2018-0819 high
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Microsoft Excel 2007 Service Pack 3Microsoft Excel 2010 Service Pack 2Microsoft Excel 2013 RT Service Pack 1Microsoft Excel 2013 Service Pack 1Microsoft Excel 2016Microsoft Excel 2016 Click-to-Run (C2R)Microsoft Excel Viewer 2007 Service Pack 3Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2Microsoft Office 2013 RT Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2016Microsoft Office 2016 Click-to-Run (C2R)Microsoft Office 2016 for MacMicrosoft Office Compatibility Pack Service Pack 3Microsoft Office Online Server 2016Microsoft Office Web Apps 2010 Service Pack 2Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office Word ViewerMicrosoft Outlook 2007 Service Pack 3Microsoft Outlook 2010 Service Pack 2Microsoft Outlook 2013 RT Service Pack 1Microsoft Outlook 2013 Service Pack 1Microsoft Outlook 2016Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Server 2010 Service Pack 2Microsoft Word 2007 Service Pack 3Microsoft Word 2010 Service Pack 2Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1Microsoft Word 2016
References
support.microsoft.com/kb/3114998
support.microsoft.com/kb/3141547
support.microsoft.com/kb/4011201
support.microsoft.com/kb/4011213
support.microsoft.com/kb/4011273
support.microsoft.com/kb/4011574
support.microsoft.com/kb/4011579
support.microsoft.com/kb/4011580
support.microsoft.com/kb/4011599
support.microsoft.com/kb/4011602
support.microsoft.com/kb/4011605
support.microsoft.com/kb/4011606
support.microsoft.com/kb/4011607
support.microsoft.com/kb/4011609
support.microsoft.com/kb/4011610
support.microsoft.com/kb/4011611
support.microsoft.com/kb/4011615
support.microsoft.com/kb/4011622
support.microsoft.com/kb/4011626
support.microsoft.com/kb/4011627
support.microsoft.com/kb/4011632
support.microsoft.com/kb/4011636
support.microsoft.com/kb/4011637
support.microsoft.com/kb/4011639
support.microsoft.com/kb/4011641
support.microsoft.com/kb/4011642
support.microsoft.com/kb/4011643
support.microsoft.com/kb/4011648
support.microsoft.com/kb/4011651
support.microsoft.com/kb/4011653
support.microsoft.com/kb/4011656
support.microsoft.com/kb/4011657
support.microsoft.com/kb/4011658
support.microsoft.com/kb/4011659
support.microsoft.com/kb/4011660
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180003
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0792
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0793
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0794
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0795
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0796
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0797
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0798
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0801
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0804
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0806
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0807
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0812
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Outlook/
threats.kaspersky.com/en/product/Microsoft-Word/
threats.kaspersky.com/en/threat/Exploit.MSOffice.CVE-2018-0802/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.7%