KLA10980Multiple vulnerabilities in Microsoft Office

2017-03-14T00:00:00
ID KLA10980
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-09-10T00:00:00

Description

Detect date:

03/14/2017

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Affected products:

Microsoft Lync 2010 Attendee (admin level install)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Skype for Business 2016 Basic (64-bit)
Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Skype for Business 2016 (32-bit)
Microsoft Office Word Viewer
Microsoft Lync 2013 Service Pack 1 (32-bit)
Microsoft Live Meeting 2007 Console
Microsoft Live Meeting 2007 Add-in
Skype for Business 2016 (64-bit)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Microsoft Silverlight 5 when installed on Microsoft Windows (32-bit)
Skype for Business 2016 Basic (32-bit)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Silverlight 5 when installed on Microsoft Windows (x64-based)
Microsoft Lync 2010 (64-bit)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Lync 2010 (32-bit)
Microsoft Office 2007 Service Pack 3

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0073
CVE-2017-0014
CVE-2017-0108
CVE-2017-0060

Impacts:

ACE

Related products:

Microsoft Silverlight

CVE-IDS:

CVE-2017-00147.6Critical
CVE-2017-00601.9Warning
CVE-2017-00734.3Warning
CVE-2017-01089.3Critical

Microsoft official advisories:

KB list:

3127945
3127958
3141535
3172539
3178653
3178656
3178688
3178693
4010299
4010300
4010301
4010303
4010304

Exploitation:

The following public exploits exists for this vulnerability: