KLA11180 Multiple vulnerabilities in Microsoft Office Online

Detect date:

01/09/2018

Severity:

Warning

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Affected products:

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Online Server 2016
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office Word Viewer
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2007 Service Pack 3
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-0792
CVE-2018-0797

Impacts:

ACE

Related products:

Microsoft Word

CVE-IDS:

CVE-2018-07929.3Critical
CVE-2018-07979.3Critical

Microsoft official advisories:

KB list:

4011022

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.