Kaspersky LabKLA10981KLA10981 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.938 High
EPSS
Percentile
99.1%
Detect date:
03/14/2017
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information, execute arbitrary code.
Affected products:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2013RT
Microsoft Office 2016
Microsoft Office for Mac 2011
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS17-014
CVE-2017-0014
CVE-2017-0060
CVE-2017-0073
CVE-2017-0108
CVE-2017-0052
CVE-2017-0053
CVE-2017-0129
CVE-2017-0020
CVE-2017-0027
CVE-2017-0105
CVE-2017-0107
CVE-2017-0029
CVE-2017-0030
CVE-2017-0019
CVE-2017-0006
CVE-2017-0031
Impacts:
ACE
Related products:
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
CVE-IDS:
CVE-2017-00147.6Critical
CVE-2017-00602.1Warning
CVE-2017-00734.3Warning
CVE-2017-01089.3Critical
CVE-2017-00529.3Critical
CVE-2017-00539.3Critical
CVE-2017-01295.0Warning
CVE-2017-00209.3Critical
CVE-2017-00272.6Warning
CVE-2017-01054.3Warning
CVE-2017-01074.3Warning
CVE-2017-00294.3Warning
CVE-2017-00309.3Critical
CVE-2017-00199.3Critical
CVE-2017-00069.3Critical
CVE-2017-00319.3Critical
Microsoft official advisories:
KB list:
3127945
3127958
3141535
3172539
3178653
3178656
3178688
3178693
4010299
4010300
4010301
4010303
4010304
3178676
3178683
3178686
3178690
3178687
3172542
3172464
3178673
3178674
3198809
3178677
3178682
3178680
3178694
3212218
3178678
3178685
3178684
3172431
3178689
3172457
3172540
4012487
Exploitation:
Public exploits exist for this vulnerability.
References
support.microsoft.com/kb/3127945
support.microsoft.com/kb/3127958
support.microsoft.com/kb/3141535
support.microsoft.com/kb/3172431
support.microsoft.com/kb/3172457
support.microsoft.com/kb/3172464
support.microsoft.com/kb/3172539
support.microsoft.com/kb/3172540
support.microsoft.com/kb/3172542
support.microsoft.com/kb/3178653
support.microsoft.com/kb/3178656
support.microsoft.com/kb/3178673
support.microsoft.com/kb/3178674
support.microsoft.com/kb/3178676
support.microsoft.com/kb/3178677
support.microsoft.com/kb/3178678
support.microsoft.com/kb/3178680
support.microsoft.com/kb/3178682
support.microsoft.com/kb/3178683
support.microsoft.com/kb/3178684
support.microsoft.com/kb/3178685
support.microsoft.com/kb/3178686
support.microsoft.com/kb/3178687
support.microsoft.com/kb/3178688
support.microsoft.com/kb/3178689
support.microsoft.com/kb/3178690
support.microsoft.com/kb/3178693
support.microsoft.com/kb/3178694
support.microsoft.com/kb/3198809
support.microsoft.com/kb/3212218
support.microsoft.com/kb/4010299
support.microsoft.com/kb/4010300
support.microsoft.com/kb/4010301
support.microsoft.com/kb/4010303
support.microsoft.com/kb/4010304
support.microsoft.com/kb/4012487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0129
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0006
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0019
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0020
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0027
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0029
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0030
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0031
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0052
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0053
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0105
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/library/security/MS17-014
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office-Compatibility-Pack-for-Word,-Excel,-and-PowerPoint-2007-File-Formats/
threats.kaspersky.com/en/product/Microsoft-Office-PowerPoint/
threats.kaspersky.com/en/product/Microsoft-Office-Professional-Plus-2010/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
threats.kaspersky.com/en/product/Microsoft-Word/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.938 High
EPSS
Percentile
99.1%