Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11499
HistoryJun 11, 2019 - 12:00 a.m.

KLA11499 Multiple vulnerabilities in Microsoft Office

2019-06-1100:00:00
Kaspersky Lab
threats.kaspersky.com
25

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

Detect date:

06/11/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.

Affected products:

Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2019 for 32-bit editions
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Word 2016 (32-bit edition)
Microsoft Office 2019 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Enterprise Server 2016
Microsoft Word 2013 RT Service Pack 1
Microsoft SharePoint Server 2019
Microsoft Office Online Server
Office 365 ProPlus for 32-bit Systems
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 64-bit Systems
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Lync Server 2013
Microsoft Lync Server 2010
Microsoft Project Server 2010 Service Pack 2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1034
CVE-2019-1031
CVE-2019-1032
CVE-2019-1029
CVE-2019-1035
CVE-2019-1033
CVE-2019-1036

Impacts:

ACE

Related products:

Microsoft Lync

CVE-IDS:

CVE-2019-10349.3Critical
CVE-2019-10313.5Warning
CVE-2019-10323.5Warning
CVE-2019-10297.1High
CVE-2019-10359.3Critical
CVE-2019-10333.5Warning
CVE-2019-10363.5Warning

Microsoft official advisories:

KB list:

4464596
4461619
4461621
4464594
4461611
4464590
4464602
4475511
4475512
4462178
4464597
4464571
4506009
4092442

References

Related

mskb 14
nessus 8
prion 7
cve 7
openvas 5
threatpost 1
mscve 7
symantec 7
zdi 2
krebs 1
talosblog 1
mskb
mskb
Description of the security update for SharePoint Server 2019: June 11, 2019
2019-06-11 07:00:00
Description of the security update for SharePoint Enterprise Server 2016: June 11, 2019
2019-06-11 07:00:00
Description of the security update for SharePoint Foundation 2013: June 11, 2019
2019-06-11 07:00:00
nessus
nessus
Security Updates for Microsoft SharePoint Server (June 2019)
2019-06-11 00:00:00
Security Updates for Microsoft Office Products C2R (June 2019)
2022-06-10 00:00:00
Security Updates for Microsoft Office Products (June 2019)
2019-06-11 00:00:00
prion
prion
Cross site scripting
2019-06-12 14:29:00
Cross site scripting
2019-06-12 14:29:00
Cross site scripting
2019-06-12 14:29:00
cve
cve
CVE-2019-1031
2019-06-12 14:29:00
CVE-2019-1033
2019-06-12 14:29:00
CVE-2019-1032
2019-06-12 14:29:00
openvas
openvas
Microsoft Office Multiple Remote Code Execution Vulnerabilities (Jun 2019) - Mac OS X
2019-06-12 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple RCE Vulnerabilities (Jun 2019)
2019-06-12 00:00:00
Microsoft Word 2010 Service Pack 2 Remote Code Execution Vulnerability (KB4461619)
2019-06-12 00:00:00
threatpost
threatpost
Microsoft Patches Four Publicly-Known Vulnerabilities
2019-06-11 20:29:45
mscve
mscve
Microsoft Word Remote Code Execution Vulnerability
2019-06-11 07:00:00
Microsoft Office SharePoint XSS Vulnerability
2019-06-11 07:00:00
Microsoft Office SharePoint XSS Vulnerability
2019-06-11 07:00:00
symantec
symantec
Microsoft Word CVE-2019-1034 Remote Code Execution Vulnerability
2019-06-11 00:00:00
Microsoft Word CVE-2019-1035 Remote Code Execution Vulnerability
2019-06-11 00:00:00
Microsoft Office SharePoint CVE-2019-1036 Cross Site Scripting Vulnerability
2019-06-11 00:00:00
zdi
zdi
Microsoft Word Table Out-Of-Bounds Access Remote Code Execution Vulnerability
2019-06-14 00:00:00
Microsoft Word DOCX Parsing Use-After-Free Information Disclosure Vulnerability
2019-06-11 00:00:00
krebs
krebs
Microsoft Patch Tuesday, June 2019 Edition
2019-06-12 13:26:21
talosblog
talosblog
Microsoft Patch Tuesday — June 2019: Vulnerability disclosures and Snort coverage
2019-06-11 11:42:30

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for KLA11499
mskb14nessus8prion7cve7openvas5threatpost1mscve7symantec7zdi2krebs1talosblog1