
KLA11745 Multiple vulnerabilities in Microsoft Office

Published: 2020-04-14 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSS3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 8.6 (Confidence: High)

EPSS: 0.089 (Percentile: 94.6%)

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft (MAU) Office can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Microsoft Word can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Office Access Connectivity Engine can be exploited remotely via a specially crafted file to execute arbitrary code.
  4. A cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof the user interface.
  5. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
  6. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via a specially crafted file to execute arbitrary code.
  7. A remote code execution vulnerability in Microsoft Office can be exploited remotely via specially crafted to execute arbitrary code.
  8. A remote code execution vulnerability in Microsoft Office can be exploited remotely via a specially crafted file to execute arbitrary code.
  9. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted web to spoof the user interface.
  10. An elevation of privilege vulnerability in OneDrive for Windows can be exploited remotely via a specially crafted application to gain privileges.

Original advisories

CVE-2020-0984

CVE-2020-0980

CVE-2020-0961

CVE-2020-0924

CVE-2020-0925

CVE-2020-0926

CVE-2020-0927

CVE-2020-0920

CVE-2020-0923

CVE-2020-0906

CVE-2020-0929

CVE-2020-0760

CVE-2020-0991

CVE-2020-0979

CVE-2020-0978

CVE-2020-0977

CVE-2020-0976

CVE-2020-0975

CVE-2020-0974

CVE-2020-0973

CVE-2020-0972

CVE-2020-0971

CVE-2020-0954

CVE-2020-0933

CVE-2020-0932

CVE-2020-0931

CVE-2020-0930

CVE-2020-0935

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Access

Microsoft-Visio-2010

Microsoft-Office

Microsoft-Outlook

Microsoft-Excel

Microsoft-Word

Microsoft-Windows

CVE list

CVE-2020-0984 warning

CVE-2020-0980 critical

CVE-2020-0961 critical

CVE-2020-0924 warning

CVE-2020-0925 warning

CVE-2020-0926 warning

CVE-2020-0927 warning

CVE-2020-0920 high

CVE-2020-0923 warning

CVE-2020-0906 critical

CVE-2020-0929 high

CVE-2020-0760 high

CVE-2020-0991 critical

CVE-2020-0979 critical

CVE-2020-0978 warning

CVE-2020-0977 warning

CVE-2020-0976 warning

CVE-2020-0975 warning

CVE-2020-0974 high

CVE-2020-0973 warning

CVE-2020-0972 warning

CVE-2020-0971 high

CVE-2020-0954 warning

CVE-2020-0933 warning

CVE-2020-0932 high

CVE-2020-0931 high

CVE-2020-0930 warning

CVE-2020-0935 warning

KB list

3203462

4484258

4475609

3162033

4011584

4484293

4484285

4484214

4484281

4484260

2553306

4484244

4484300

4484269

4484319

4484283

4484126

4032216

4484292

4484273

4484307

4484274

3128012

4484226

4464544

4462153

4484322

4484295

4484125

4484238

4484291

4484296

4484301

4484308

4484294

4484298

4484246

4484287

4484229

4011104

4462210

4484297

4484117

4484235

4484167

4484266

4462225

4484132

4011097

4484299

4464527

4484290

4011581

4484284

4484321

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect behavior.

Affected Products

  • Microsoft PowerPoint 2013 RT Service Pack 1Microsoft Publisher 2010 Service Pack 2 (64-bit editions)Microsoft Office 2019 for MacMicrosoft PowerPoint 2010 Service Pack 2 (32-bit editions)Microsoft Publisher 2013 Service Pack 1 (64-bit editions)Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Word 2010 Service Pack 2 (64-bit editions)Microsoft Access 2016 (32-bit edition)Office 365 ProPlus for 64-bit SystemsMicrosoft SharePoint Foundation 2013 Service Pack 1Microsoft Word 2016 (32-bit edition)Microsoft Office 2016 (64-bit edition)Microsoft Business Productivity Servers 2010 Service Pack 2Microsoft Office 2013 RT Service Pack 1Microsoft Outlook 2016 (32-bit edition)Microsoft Outlook 2013 RT Service Pack 1Microsoft Access 2010 Service Pack 2 (64-bit editions)Microsoft Access 2013 Service Pack 1 (32-bit editions)Microsoft Office Web Apps 2010 Service Pack 2Microsoft Word 2010 Service Pack 2 (32-bit editions)Microsoft Project 2013 Service Pack 1 (32-bit editions)Microsoft Publisher 2013 Service Pack 1 (32-bit editions)Office 365 ProPlus for 32-bit SystemsMicrosoft Office 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2016 (32-bit edition)Microsoft Office Web Apps 2013 Service Pack 1Microsoft Excel 2013 Service Pack 1 (64-bit editions)Microsoft PowerPoint 2016 (64-bit edition)Microsoft PowerPoint 2016 (32-bit edition)Microsoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft Visio 2010 Service Pack 2 (64-bit editions)Microsoft Office 2019 for 32-bit editionsMicrosoft Outlook 2013 Service Pack 1 (64-bit editions)Microsoft Project 2010 Service Pack 2 (64-bit editions)Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)Microsoft Publisher 2010 Service Pack 2 (32-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Office 2016 for MacMicrosoft Excel 2013 RT Service Pack 1Microsoft Office 2016 (32-bit edition)Microsoft SharePoint Server 2010 Service Pack 2Microsoft Publisher 
2016 (64-bit edition)Microsoft Outlook 2010 Service Pack 2 (64-bit editions)Microsoft Office 2013 Service Pack 1 (64-bit editions)Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)Microsoft Office 2013 Service Pack 1 (32-bit editions)Microsoft Project 2013 Service Pack 1 (64-bit editions)Microsoft AutoUpdate for MacMicrosoft SharePoint Enterprise Server 2016Microsoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Visio 2016 (32-bit edition)Microsoft Access 2013 Service Pack 1 (64-bit editions)Microsoft SharePoint Server 2019OneDrive for WindowsMicrosoft Outlook 2010 Service Pack 2 (32-bit editions)Microsoft Word 2013 Service Pack 1 (32-bit editions)Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)Microsoft Project 2010 Service Pack 2 (32-bit editions)Microsoft Excel 2016 (64-bit edition)Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft Project Server 2013 Service Pack 1 (64-bit edition)Microsoft Access 2016 (64-bit edition)Microsoft Outlook 2016 (64-bit edition)Microsoft Outlook 2013 Service Pack 1 (32-bit editions)Microsoft Word 2016 (64-bit edition)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Publisher 2016 (32-bit edition)Microsoft Project 2016 (32-bit edition)Microsoft Access 2010 Service Pack 2 (32-bit editions)Microsoft Office 2019 for 64-bit editionsMicrosoft Visio 2016 (64-bit edition)Microsoft Visio 2013 Service Pack 1 (32-bit editions)Microsoft Visio 2010 Service Pack 2 (32-bit editions)Microsoft Visio 2013 Service Pack 1 (64-bit editions)Microsoft Project 2016 (64-bit edition)Microsoft Office Online Server
