Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11809
HistoryJun 09, 2020 - 12:00 a.m.

KLA11809 Multiple vulnerabilities in Microsoft Apps

2020-06-0900:00:00
Kaspersky Lab
threats.kaspersky.com
28

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Word for Android can be exploited remotely via specially crafted to execute arbitrary code.
  2. A spoofing vulnerability in Microsoft Bing Search can be exploited remotely via specially crafted website to spoof user interface.

Original advisories

CVE-2020-1223

CVE-2020-1329

Related products

Microsoft-Word

CVE list

CVE-2020-1223 high

CVE-2020-1329 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Microsoft Bing Search for AndroidMicrosoft Word for Android

Related

prion 2
mscve 2
cvelist 2
cve 2
nvd 2
avleonov 1
prion
prion
Spoofing
2020-06-09 20:15:00
Remote code execution
2020-06-09 20:15:00
mscve
mscve
Microsoft Bing Search Spoofing Vulnerability
2020-06-09 07:00:00
Word for Android Remote Code Execution Vulnerability
2020-06-09 07:00:00
cvelist
cvelist
CVE-2020-1329
2020-06-09 19:44:10
CVE-2020-1223
2020-06-09 19:43:30
cve
cve
CVE-2020-1329
2020-06-09 20:15:21
CVE-2020-1223
2020-06-09 20:15:15
nvd
nvd
CVE-2020-1329
2020-06-09 20:15:21
CVE-2020-1223
2020-06-09 20:15:15
avleonov
avleonov
Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB
2020-06-23 01:31:46

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON
Related for KLA11809
prion2mscve2cvelist2cve2nvd2avleonov1