Lucene search

Kaspersky LabKLA11172

HistoryJan 09, 2018 - 12:00 a.m.

KLA11172 Multiple vulnerabilities in Microsoft Development Tools

2018-01-0900:00:00

Kaspersky Lab

threats.kaspersky.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.005

Percentile

76.6%

JSON

Multiple serious vulnerabilities have been found in Microsoft .NET Core, ASP.NET Core, Microsoft Excel and Microsoft Office Compatibility Pack. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions and gain privileges.

A remote code execution vulnerability can be exploited remotely via specially crafted file to execute arbitrary code;
An elevation of privilege vulnerability can be exploited remotely via specially crafted email with malicious link to gain privileges;
A Cross Site Request Forgery vulnerability can be exploited remotely via changing of recovery code for victim’s account to spoof user interface;
A security feature bypass vulnerability can be exploited remotely via using specially marked certificate to bypass security restrictions;

Technical details

Vulnerability (1) is related to Microsoft Excel and Microsoft Office Compatibility Pack. Vulnerabilities (2) and (3) are related to ASP.NET Core. Vulnerability (4) is related to .NET Core and Microsoft .NET Framework.

Original advisories

Related products

Microsoft-.NET-Framework

Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats

Microsoft-Excel

Microsoft-ASP.NET-MVC

CVE list

CVE-2018-0784 high

CVE-2018-0785 warning

CVE-2018-0786 warning

CVE-2018-0764 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.