KLA11155 Multiple vulnerabilities in Microsoft Office

Detect date:

12/12/2017

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges.

Affected products:

Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

ADV170021
CVE-2017-11934
CVE-2017-11935
CVE-2017-11936
CVE-2017-11939

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2017-119344.3Warning
CVE-2017-119359.3Critical
CVE-2017-119366.5High
CVE-2017-119394.0Warning

Microsoft official advisories:

KB list:

4011095
4011277
4011575
4011576
4011590
4011608
4011612
4011614
4011602
4011605
4011627
4011660
4011639
4011606

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.