Lucene search

Kaspersky LabKLA10939

HistoryJan 10, 2017 - 12:00 a.m.

KLA10939 Arbitrary code execution vulnerability in Microsoft Office Word 2016 and Microsoft SharePoint Enterprise Server 2016

2017-01-1000:00:00

Kaspersky Lab

threats.kaspersky.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.218 Low

EPSS

Percentile

96.5%

JSON

Memory corruption vulnerability was found in Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document.

Original advisories

MS17-002

CVE-2017-0003

Related products

Microsoft-Word

Microsoft-Sharepoint-Server

CVE list

CVE-2017-0003 critical

KB list

3128057

3141486

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.