Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11243
HistoryMay 08, 2018 - 12:00 a.m.

KLA11243 Multiple vulnerabilities in Microsoft Office

2018-05-0800:00:00
Kaspersky Lab
threats.kaspersky.com
46

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.175 Low

EPSS

Percentile

96.0%

JSON

Detect date:

05/08/2018

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions and gain privileges.

Affected products:

Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Infopath 2013 Service Pack 1 (32-bit edition)
Microsoft Infopath 2013 Service Pack 1 (64-bit edition)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Project Server 2010 Service Pack 2
Microsoft Project Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Word Automation Services

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8147
CVE-2018-8148
CVE-2018-8149
CVE-2018-8150
CVE-2018-8155
CVE-2018-8156
CVE-2018-8157
CVE-2018-8158
CVE-2018-8160
CVE-2018-8161
CVE-2018-8162
CVE-2018-8163
CVE-2018-8168
CVE-2018-8173

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2018-81479.3Critical
CVE-2018-81489.3Critical
CVE-2018-81493.5Warning
CVE-2018-81504.3Warning
CVE-2018-81553.5Warning
CVE-2018-81563.5Warning
CVE-2018-81579.3Critical
CVE-2018-81589.3Critical
CVE-2018-81604.3Warning
CVE-2018-81619.3Critical
CVE-2018-81629.3Critical
CVE-2018-81634.3Warning
CVE-2018-81683.5Warning
CVE-2018-81739.3Critical

Microsoft official advisories:

KB list:

2899590
3114889
3162075
3172436
4018308
4018327
4018381
4018382
4018383
4018388
4018390
4018393
4018396
4018398
4018399
4022130
4022135
4022137
4022139
4022141
4022142
4022145
4022146
4022150

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

References

Related

nessus 7
openvas 16
cve 14
prion 14
mskb 24
mscve 14
symantec 14
checkpoint_advisories 6
zdi 3
trendmicroblog 1
talosblog 1
nessus
nessus
Security Updates for Microsoft Office Products (May 2018)
2018-05-08 00:00:00
Security Updates for Microsoft SharePoint Server and Microsoft Project Server (May 2018)
2018-05-08 00:00:00
Security Updates for Microsoft Excel Products (May 2018)
2018-05-08 00:00:00
openvas
openvas
Microsoft Office 2016 Click-to-Run (C2R) Multiple Vulnerabilities (May 2018)
2018-05-09 00:00:00
Microsoft Office 2010 Service Pack 2 Multiple RCE Vulnerabilities (KB2899590)
2018-05-09 00:00:00
Microsoft Office 2013 Service Pack 1 Multiple RCE Vulnerabilities (KB3172436)
2018-05-09 00:00:00
cve
cve
CVE-2018-8156
2018-05-09 19:29:00
CVE-2018-8155
2018-05-09 19:29:00
CVE-2018-8168
2018-05-09 19:29:00
prion
prion
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
Privilege escalation
2018-05-09 19:29:00
mskb
mskb
Description of the security update for Excel 2016: May 8, 2018
2018-05-08 07:00:00
Description of the security update for SharePoint Server 2016: May 8, 2018
2018-05-08 07:00:00
Description of the security update for Office 2010: May 8, 2018
2018-05-08 07:00:00
mscve
mscve
Microsoft SharePoint Elevation of Privilege Vulnerability
2018-05-08 07:00:00
Microsoft SharePoint Elevation of Privilege Vulnerability
2018-05-08 07:00:00
Microsoft SharePoint Elevation of Privilege Vulnerability
2018-05-08 07:00:00
symantec
symantec
Microsoft SharePoint Server CVE-2018-8155 Remote Privilege Escalation Vulnerability
2018-05-08 00:00:00
Microsoft SharePoint Server CVE-2018-8156 Remote Privilege Escalation Vulnerability
2018-05-08 00:00:00
Microsoft SharePoint Server CVE-2018-8149 Remote Privilege Escalation Vulnerability
2018-05-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Remote Code Execution (CVE-2018-8148)
2018-05-08 00:00:00
Microsoft Excel Remote Code Execution (CVE-2018-8162)
2018-05-08 00:00:00
Microsoft Office Remote Code Execution (CVE-2018-8157)
2018-05-08 00:00:00
zdi
zdi
Microsoft Office Excel Formula Record Type Confusion Information Disclosure Vulnerability
2018-05-14 00:00:00
Microsoft Office Excel PtgName Out-Of-Bounds Access Remote Code Execution Vulnerability
2018-05-14 00:00:00
Microsoft Office Graph Serialized Data Out-Of-Bounds Write Remote Code Execution Vulnerability
2018-05-14 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
2018-05-11 15:37:20
talosblog
talosblog
Microsoft Patch Tuesday - May 2018
2018-05-08 12:02:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.175 Low

EPSS

Percentile

96.0%

JSON
Related for KLA11243
nessus7openvas16cve14prion14mskb24mscve14symantec14checkpoint_advisories6zdi3trendmicroblog1talosblog1