Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10616
HistoryDec 09, 2014 - 12:00 a.m.

KLA10616 Multiple vulnerabilities in Microsoft Office

2014-12-0900:00:00
Kaspersky Lab
threats.kaspersky.com
2185

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.8%

JSON

Detect date:

12/09/2014

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Office products. Malicious users can exploit these vulnerabilities to run arbitrary code, cause denial of service, loss of integrity, security bypass, privilege escalation and obtain sensitive information.

Affected products:

Microsoft Office 2003,
Microsoft Office 2007,
Microsoft Office 2010,
Microsoft Office 2013,
Microsoft Office 2013 RT,
Microsoft Office for Mac,
Microsoft Word Viewer,
Microsoft Office Web Apps,
Microsoft SharePoint Server,
Microsoft Office Compatibility Pack,
Microsoft OneNote.

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2014-1818
CVE-2014-1817
CVE-2014-2778
CVE-2014-4077
CVE-2014-0260
CVE-2014-0259
CVE-2014-2815
CVE-2014-6333
CVE-2014-6361
CVE-2014-6360
CVE-2014-6364
CVE-2014-6357
CVE-2014-1761
CVE-2014-0258
CVE-2014-1808
CVE-2014-1756
CVE-2014-1757
CVE-2014-1758
CVE-2014-6334
CVE-2014-6335
CVE-2014-4117
CVE-2014-1809

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2014-18189.3Critical
CVE-2014-18179.3Critical
CVE-2014-27789.3Critical
CVE-2014-40779.3Critical
CVE-2014-02609.3Critical
CVE-2014-02599.3Critical
CVE-2014-28159.3Critical
CVE-2014-63339.3Critical
CVE-2014-63619.3Critical
CVE-2014-63609.3Critical
CVE-2014-63649.3Critical
CVE-2014-63579.3Critical
CVE-2014-17619.3Critical
CVE-2014-02589.3Critical
CVE-2014-18084.3Warning
CVE-2014-17569.3Critical
CVE-2014-17579.3Critical
CVE-2014-17589.3Critical
CVE-2014-63349.3Critical
CVE-2014-63359.3Critical
CVE-2014-41179.3Critical
CVE-2014-18096.8High

Microsoft official advisories:

KB list:

2967487
2969261
2992719
3017301
3017349
3017347
3009710
3000434
2961033
2961037
2950145
2949660
2916605
2977201

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

References

Related

securityvulns 10
nessus 17
openvas 45
mskb 8
kaspersky 3
cve 22
checkpoint_advisories 16
prion 22
symantec 20
cert 1
zdi 1
seebug 5
saint 4
attackerkb 2
metasploit 1
cisa_kev 2
thn 2
packetstorm 1
zdt 1
exploitdb 1
carbonblack 1
threatpost 2
fireeye 2
cisa 1
myhack58 1
qualysblog 1
securityvulns
securityvulns
Microsoft Office multiple security vulnerabilities
2014-05-14 00:00:00
Microsoft Office multiple security vulnerabilities
2015-01-14 00:00:00
Microsoft Office multiple security vulnerabilities
2014-11-18 00:00:00
nessus
nessus
MS14-069: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
2014-11-12 00:00:00
MS14-001: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
2014-01-14 00:00:00
MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
2014-04-08 00:00:00
openvas
openvas
MS Office Compatibility Pack Remote Code Execution Vulnerabilities (3009710)
2014-11-12 00:00:00
Microsoft Office Word Viewer Remote Code Execution Vulnerabilities (3009710)
2014-11-12 00:00:00
Microsoft Office Word Remote Code Execution Vulnerabilities (3009710)
2014-11-12 00:00:00
mskb
mskb
MS14-001: Vulnerabilities in Microsoft Word and Office web apps could allow remote code execution: January 14, 2014
2014-01-14 00:00:00
MS14-017: Vulnerabilities in Microsoft Word and Office Web Apps could allow remote code execution: April 8, 2014
2014-04-08 00:00:00
MS14-036: Vulnerabilities in Microsoft graphics component could allow remote code execution: June 10, 2014
2014-06-10 00:00:00
kaspersky
kaspersky
KLA10011 Multiple vulnerabilities in Microsoft Graphics Component
2014-07-03 00:00:00
KLA10012 Vulnerability in Microsoft Word 2007 & Office Compatibility Pack
2014-06-10 00:00:00
KLA10601 Multiple vulnerabilities in Microsoft products
2014-11-11 00:00:00
cve
cve
CVE-2014-6364
2014-12-11 00:59:00
CVE-2014-6357
2014-12-11 00:59:00
CVE-2014-6361
2014-12-11 00:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Word Use After Free Remote Code Execution (MS14-081; CVE-2014-6357)
2014-12-09 00:00:00
Microsoft Excel Invalid Pointer Remote Code Execution (MS14-083; CVE-2014-6361)
2014-12-09 00:00:00
Microsoft Office Component Use After Free Remote Code Execution (MS14-082; CVE-2014-6364)
2014-12-09 00:00:00
prion
prion
Remote code execution
2014-12-11 00:59:00
Design/Logic Flaw
2014-12-11 00:59:00
Remote code execution
2014-12-11 00:59:00
symantec
symantec
Microsoft Excel CVE-2014-6361 Memory Corruption Vulnerability
2014-12-09 00:00:00
Microsoft Office CVE-2014-6364 Use After Free Remote Code Execution Vulnerability
2014-12-09 00:00:00
Microsoft Excel CVE-2014-6360 Memory Corruption Vulnerability
2014-12-09 00:00:00
cert
cert
Microsoft Office file format converter memory corruption vulnerability
2014-04-10 00:00:00
zdi
zdi
Microsoft Word Style Tag Use-After-Free Remote Code Execution Vulnerability
2014-10-14 00:00:00
seebug
seebug
MS14-017 Microsoft Word RTF Object Confusion
2014-07-01 00:00:00
Microsoft Word内存破坏漏洞
2014-01-15 00:00:00
Microsoft Word内存破坏漏洞
2014-01-15 00:00:00
saint
saint
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
Microsoft Word RTF Object Confusion
2014-07-24 00:00:00
attackerkb
attackerkb
CVE-2014-1761
2014-03-25 00:00:00
CVE-2014-4077
2014-11-11 00:00:00
metasploit
metasploit
MS14-017 Microsoft Word RTF Object Confusion
2014-04-08 18:44:20
cisa_kev
cisa_kev
Microsoft Word Memory Corruption Vulnerability
2022-02-15 00:00:00
Microsoft IME Japanese Privilege Escalation Vulnerability
2022-05-25 00:00:00
thn
thn
Microsoft Word Zero-Day Vulnerability is being exploited in the Wild
2014-03-24 19:37:00
Microsoft Critical Vulnerabilities that You Must Patch Coming Tuesday
2014-04-05 00:04:00
packetstorm
packetstorm
MS14-017 Microsoft Word RTF Object Confusion
2014-04-09 00:00:00
zdt
zdt
MS14-017 Microsoft Word RTF Object Confusion Exploit
2014-04-09 00:00:00
exploitdb
exploitdb
Microsoft Word - RTF Object Confusion (MS14-017) (Metasploit)
2014-04-10 00:00:00
carbonblack
carbonblack
Threat Analysis: Pylot (Travle) Malware Family
2018-01-26 17:46:11
threatpost
threatpost
Researchers: PlugX More Prominent Than Ever
2015-02-10 09:00:34
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
2022-02-11 19:57:34
fireeye
fireeye
How RTF malware evades static signature-based detection
2016-05-20 14:59:00
How RTF malware evades static signature-based detection
2016-05-20 14:59:00
cisa
cisa
CISA Adds Nine Known Exploited Vulnerabilities to Catalog
2022-02-15 00:00:00
myhack58
myhack58
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.8%

JSON
Related for KLA10616
securityvulns10nessus17openvas45mskb8kaspersky3cve22checkpoint_advisories16prion22symantec20cert1zdi1seebug5saint4attackerkb2metasploit1cisa_kev2thn2packetstorm1zdt1exploitdb1carbonblack1threatpost2fireeye2cisa1myhack581qualysblog1