Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11225
HistoryApr 10, 2018 - 12:00 a.m.

KLA11225 Multiple vulnerabilities in Microsoft Office

2018-04-1000:00:00
Kaspersky Lab
threats.kaspersky.com
264

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.259 Low

EPSS

Percentile

96.6%

JSON

Detect date:

04/10/2018

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information and execute arbitrary code.

Affected products:

Microsoft Excel 2010 Service Pack 2
Microsoft Office 2016
Microsoft Excel 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016 Click-to-Run
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Excel 2016 Click-to-Run
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2016
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office 2016 for Mac
Microsoft Office 2010 Service Pack 2
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2
Microsoft Word 2013 Service Pack 1
Microsoft Word 2016
Word Automation Services

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-1028
CVE-2018-0950
CVE-2018-1014
CVE-2018-1034
CVE-2018-1027
CVE-2018-1029
CVE-2018-1032
CVE-2018-1030
CVE-2018-1026
CVE-2018-1005
CVE-2018-1011
CVE-2018-1007
CVE-2018-0920

Impacts:

ACE

Related products:

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

CVE-IDS:

CVE-2018-10289.3Critical
CVE-2018-09504.3Warning
CVE-2018-10144.9Warning
CVE-2018-10343.5Warning
CVE-2018-10279.3Critical
CVE-2018-10299.3Critical
CVE-2018-10323.5Warning
CVE-2018-10309.3Critical
CVE-2018-10269.3Critical
CVE-2018-10053.5Warning
CVE-2018-10119.3Critical
CVE-2018-10072.6Warning
CVE-2018-09209.3Critical

Microsoft official advisories:

KB list:

4018355
4018311
4018357
4018344
4018341
4018350
4018354
4018360
4018362
4018319
4011628
4018342
4011586
4011717
4018337
4011719
4018339
4018328
4018356
4011712
4018359
4018347
4018353
4018343
4018336
4018288
4018330

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

References

Related

mskb 27
nessus 8
cvelist 13
prion 13
openvas 20
symantec 13
mscve 13
cve 13
thn 1
checkpoint_advisories 9
threatpost 3
cert 1
zdi 1
trendmicroblog 1
talosblog 1
mskb
mskb
Description of the security update for SharePoint Enterprise Server 2016: April 10, 2018
2018-04-10 07:00:00
Description of the security update for Excel 2010: April 10, 2018
2018-04-10 07:00:00
Description of the security update for Excel 2013: April 10, 2018
2018-04-10 07:00:00
nessus
nessus
Security Updates for Microsoft Office Products (April 2018)
2018-04-10 00:00:00
Security Updates for Microsoft SharePoint Server (April 2018)
2018-04-13 00:00:00
Security Updates for Microsoft Excel Products (April 2018)
2018-04-10 00:00:00
cvelist
cvelist
CVE-2018-1005
2018-04-12 01:00:00
CVE-2018-1014
2018-04-12 01:00:00
CVE-2018-1034
2018-04-12 01:00:00
prion
prion
Privilege escalation
2018-04-12 01:29:00
Privilege escalation
2018-04-12 01:29:00
Remote code execution
2018-04-12 01:29:00
openvas
openvas
Microsoft Office 2016 And Excel 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Apr 2018)
2018-04-12 00:00:00
Microsoft Excel 2010 Service Pack 2 Multiple RCE Vulnerabilities (KB4018362)
2018-04-11 00:00:00
Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB4018350)
2018-04-11 00:00:00
symantec
symantec
Microsoft SharePoint Server CVE-2018-1014 Remote Privilege Escalation Vulnerability
2018-04-10 00:00:00
Microsoft Office CVE-2018-1030 Remote Code Execution Vulnerability
2018-04-10 00:00:00
Microsoft SharePoint Server CVE-2018-1034 Remote Privilege Escalation Vulnerability
2018-04-10 00:00:00
mscve
mscve
Microsoft SharePoint Elevation of Privilege Vulnerability
2018-04-10 07:00:00
Microsoft Office Remote Code Execution Vulnerability
2018-04-10 07:00:00
Microsoft SharePoint Elevation of Privilege Vulnerability
2018-04-10 07:00:00
cve
cve
CVE-2018-1014
2018-04-12 01:29:09
CVE-2018-1034
2018-04-12 01:29:10
CVE-2018-1030
2018-04-12 01:29:10
thn
thn
Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password
2018-04-12 07:29:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Graphics Remote Code Execution (CVE-2018-1028)
2018-04-10 00:00:00
Microsoft Office Information Disclosure - Ver 0 (CVE-2018-0950)
2019-02-21 00:00:00
Microsoft Office Information Disclosure (CVE-2018-0950)
2018-04-15 00:00:00
threatpost
threatpost
Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords
2018-04-12 19:12:24
Microsoft Outlook for Android Open to XSS Attacks
2019-06-21 19:50:33
Microsoft Fixes 66 Bugs in April Patch Tuesday Release
2018-04-10 21:16:16
cert
cert
Microsoft Outlook retrieves remote OLE content without prompting
2018-04-10 00:00:00
zdi
zdi
Microsoft Office Excel Slicer Use-After-Free Remote Code Execution Vulnerability
2018-04-11 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 9, 2018
2018-04-13 15:37:14
talosblog
talosblog
Microsoft Patch Tuesday - April 2018
2018-04-10 13:13:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.259 Low

EPSS

Percentile

96.6%

JSON
Related for KLA11225
mskb27nessus8cvelist13prion13openvas20symantec13mscve13cve13thn1checkpoint_advisories9threatpost3cert1zdi1trendmicroblog1talosblog1