Kaspersky LabKLA11461KLA11461 Multiple vulnerabilities in Microsoft Office
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.025 Low
EPSS
Percentile
89.9%
Microsoft official advisories:
KB list:
4462213
4462204
4464520
4464511
4464528
4464518
4464510
4464525
4462209
4462230
4462236
4462242
4464504
4462223
4464515
Detect date:
04/09/2019
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Office 365 ProPlus for 32-bit Systems
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office 2016 for Mac
Microsoft Office 2019 for Mac
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2019-0824
CVE-2019-0825
CVE-2019-0831
CVE-2019-0822
CVE-2019-0823
CVE-2019-0828
CVE-2019-0801
CVE-2019-0826
CVE-2019-0827
CVE-2019-0830
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2019-08246.8High
CVE-2019-08256.8High
CVE-2019-08313.5Warning
CVE-2019-08229.3Critical
CVE-2019-08236.8High
CVE-2019-08289.3Critical
CVE-2019-08016.8High
CVE-2019-08266.8High
CVE-2019-08276.8High
CVE-2019-08303.5Warning
References
support.microsoft.com/kb/4462204
support.microsoft.com/kb/4462209
support.microsoft.com/kb/4462213
support.microsoft.com/kb/4462223
support.microsoft.com/kb/4462230
support.microsoft.com/kb/4462236
support.microsoft.com/kb/4462242
support.microsoft.com/kb/4464504
support.microsoft.com/kb/4464510
support.microsoft.com/kb/4464511
support.microsoft.com/kb/4464515
support.microsoft.com/kb/4464518
support.microsoft.com/kb/4464520
support.microsoft.com/kb/4464525
support.microsoft.com/kb/4464528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0826
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0831
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0801
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0822
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0823
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0824
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0825
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0826
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0827
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0828
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Excel/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.025 Low
EPSS
Percentile
89.9%