KLA11180Multiple vulnerabilities in Microsoft Office Online

2018-01-09T00:00:00
ID KLA11180
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

01/09/2018

Severity:

Warning

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Affected products:

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Online Server 2016
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office Word Viewer
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0792
CVE-2018-0797

Related products:

Microsoft Word

CVE-IDS:

CVE-2018-07928.8Warning
CVE-2018-07977.8Warning

Microsoft official advisories:

KB list:

4011022