Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11069
HistoryJul 11, 2017 - 12:00 a.m.

KLA11069 Multiple vulnerabilities in Microsoft Office

2017-07-1100:00:00
Kaspersky Lab
threats.kaspersky.com
225

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Detect date:

07/11/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface.

Affected products:

Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office for Mac 2011
Microsoft Office Online Server 2016
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2016
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft SharePoint Enterprise Server 2013
Microsoft SharePoint Enterprise Server 2016
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft Exchange Server 2013 Service Pack 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8569
CVE-2017-8570
CVE-2017-0243
CVE-2017-8501
CVE-2017-8502
CVE-2017-8570

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2017-02437.8Critical
CVE-2017-85017.8Critical
CVE-2017-85027.8Critical
CVE-2017-85707.8Critical
CVE-2017-85698.8Critical

Microsoft official advisories:

KB list:

3213537
2880514
3191833
3191894
3191897
3191902
3191907
3203459
3203468
3203469
3203477
3212224
3213544
3213545
3213555
3213559
3213624
3213640
3213657

Exploitation:

This vulnerability can be exploited by the following malware:

References

Related

nessus 4
prion 4
openvas 16
cve 5
attackerkb 2
mskb 19
threatpost 4
mscve 5
checkpoint_advisories 2
zdt 1
myhack58 4
cisa_kev 1
symantec 5
malwarebytes 1
exploitpack 1
thn 2
exploitdb 1
canvas 1
talosblog 2
cisa 1
securelist 17
rapid7community 1
trendmicroblog 2
mssecure 1
qualysblog 3
avleonov 1
nessus
nessus
Security Update for Microsoft Office Products (July 2017)
2017-07-11 00:00:00
Security Update for Microsoft SharePoint Server and Project Server (July 2017)
2017-07-11 00:00:00
Security Update for Microsoft Office Online Server and SharePoint Server 2010 Office Web Apps (July 2017)
2017-07-11 00:00:00
prion
prion
Remote code execution
2017-07-11 21:29:00
Remote code execution
2017-07-11 21:29:00
Remote code execution
2017-07-11 21:29:00
openvas
openvas
Microsoft Excel 2013 Service Pack 1 Multiple Vulnerabilities (KB3213537)
2017-07-12 00:00:00
Microsoft Excel 2010 Service Pack 2 Multiple Vulnerabilities (KB3191907)
2017-07-12 00:00:00
Microsoft Excel 2016 Multiple Vulnerabilities (KB3203477)
2017-07-12 00:00:00
cve
cve
CVE-2017-8501
2017-07-11 21:29:00
CVE-2017-8570
2017-07-11 21:29:00
CVE-2017-8502
2017-07-11 21:29:00
attackerkb
attackerkb
CVE-2017-0243
2017-07-11 00:00:00
CVE-2017-8570
2017-07-11 00:00:00
mskb
mskb
Description of the security update for Excel 2016: July 11, 2017
2017-07-11 07:00:00
Description of the security update for Excel 2010: July 11, 2017
2017-07-11 07:00:00
Description of the security update for Excel 2013: July 11, 2017
2017-07-11 07:00:00
threatpost
threatpost
Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
2019-11-22 13:32:10
Word Attachment Delivers FormBook Malware, No Macros Required
2018-04-09 18:35:39
Despite Ringleader’s Arrest, Cobalt Group Still Active
2018-05-28 12:21:42
mscve
mscve
Microsoft Office Remote Code Execution Vulnerability
2017-07-11 07:00:00
Microsoft Office Memory Corruption Vulnerability
2017-07-11 07:00:00
Microsoft Office Memory Corruption Vulnerability
2017-07-11 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Composite Moniker Code Execution (CVE-2017-8570)
2017-08-29 00:00:00
Microsoft Office Remote Code Execution (CVE-2017-0243)
2017-05-09 00:00:00
zdt
zdt
Microsoft Office - Composite Moniker Remote Code Execution Exploit
2018-03-09 00:00:00
myhack58
myhack58
Sea Lotus APT groups use CVE-2017-8570 vulnerability of the new sample and Association analysis-vulnerability warning-the black bar safety net
2018-04-26 00:00:00
Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net
2017-08-11 00:00:00
Office of the senior threat vulnerability in the wild use analysis-vulnerability warning-the black bar safety net
2017-08-08 00:00:00
cisa_kev
cisa_kev
Microsoft Office Remote Code Execution Vulnerability
2022-02-25 00:00:00
symantec
symantec
Microsoft Office CVE-2017-8570 Remote Code Execution Vulnerability
2017-07-11 00:00:00
Microsoft Office CVE-2017-8502 Memory Corruption Vulnerability
2017-07-11 00:00:00
Microsoft SharePoint Server CVE-2017-8569 Remote Privilege Escalation Vulnerability
2017-07-11 00:00:00
malwarebytes
malwarebytes
LemonDuck no longer settles for breadcrumbs
2021-07-30 17:19:31
exploitpack
exploitpack
Microsoft Office - Composite Moniker Remote Code Execution
2018-01-09 00:00:00
thn
thn
Cybercrime Group TA558 Targeting Hospitality, Hotel, and Travel Organizations
2022-08-19 13:35:00
CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog
2022-03-01 04:37:00
exploitdb
exploitdb
Microsoft Office - 'Composite Moniker Remote Code Execution
2018-01-09 00:00:00
canvas
canvas
Immunity Canvas: OFFICE_WSDL
2017-09-13 01:29:00
talosblog
talosblog
Multiple Cobalt Personality Disorder
2018-07-31 09:38:00
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-02-25 00:00:00
securelist
securelist
IT threat evolution Q3 2017. Statistics
2017-11-10 10:45:04
The King is dead. Long live the King!
2018-05-09 06:00:56
IT threat evolution Q1 2018. Statistics
2018-05-14 10:00:30
rapid7community
rapid7community
Patch Tuesday - July 2017
2017-07-12 13:39:36
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017
2017-05-12 16:47:57
mssecure
mssecure
Office 365 Advanced Threat Protection defense for corporate networks against recent Office exploit attacks
2017-11-21 13:46:01
qualysblog
qualysblog
Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking
2019-12-27 18:01:22
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
2023-07-18 13:38:53
Qualys Top 20 Most Exploited Vulnerabilities
2023-09-04 14:00:00
avleonov
avleonov
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
2023-09-30 19:31:42

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for KLA11069
nessus4prion4openvas16cve5attackerkb2mskb19threatpost4mscve5checkpoint_advisories2zdt1myhack584cisa_kev1symantec5malwarebytes1exploitpack1thn2exploitdb1canvas1talosblog2cisa1securelist17rapid7community1trendmicroblog2mssecure1qualysblog3avleonov1