Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11536
HistoryAug 13, 2019 - 12:00 a.m.

KLA11536 Multiple vulnerabilities in Microsoft Office

2019-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.126 Low

EPSS

Percentile

95.4%

JSON

Detect date:

08/13/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, gain privileges, obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Server 2019
Outlook for iOS
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Online Server
Office 365 ProPlus for 32-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 for Mac
Office 365 ProPlus for 64-bit Systems
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1
Windows Server 2012
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 1803 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows RT 8.1
Windows 10 Version 1809 for 32-bit Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016
Windows 8.1 for x64-based systems
Windows 10 Version 1709 for 64-based Systems
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2019
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2010 Service Pack 2 (64-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1203
CVE-2019-1218
CVE-2019-1205
CVE-2019-1204
CVE-2019-1199
CVE-2019-1200
CVE-2019-1202
CVE-2019-1153
CVE-2019-1155
CVE-2019-1201
CVE-2019-1149
CVE-2019-1148
CVE-2019-1151
ADV190014

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2019-11532.1Warning
CVE-2019-11519.3Critical
CVE-2019-11482.1Warning
CVE-2019-11559.3Critical
CVE-2019-11499.3Critical
CVE-2019-12033.5Warning
CVE-2019-12183.5Warning
CVE-2019-12059.3Critical
CVE-2019-12044.3Warning
CVE-2019-11999.3Critical
CVE-2019-12009.3Critical
CVE-2019-12023.6Warning
CVE-2019-12019.3Critical

Microsoft official advisories:

KB list:

4475506
4475538
4464599
4475555
4475549
4475557
4475528
4475563
4475573
4475553
4475565
4475575
4475530
4475540
4475547
4462137
4475531
4462216
4475534
4475533

References

Related

nessus 19
openvas 21
mskb 35
prion 22
cve 22
mscve 13
symantec 13
checkpoint_advisories 3
zdi 3
githubexploit 1
threatpost 2
talosblog 1
kaspersky 2
nessus
nessus
Security Updates for Microsoft Office Products C2R (August 2019)
2022-06-10 00:00:00
Security Updates for Microsoft Office Products (August 2019)
2019-08-13 00:00:00
Security Update for Microsoft Office (August 2019) (macOS)
2019-08-14 00:00:00
openvas
openvas
Microsoft Office Multiple Vulnerabilities (Aug 2019) - Mac OS X
2019-08-14 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Aug 2019)
2019-08-14 00:00:00
Microsoft Outlook 2016 Service Pack 2 Multiple Vulnerabilities (KB4475553)
2019-08-14 00:00:00
mskb
mskb
Description of the security update for SharePoint Server 2019: August 13, 2019
2019-08-13 07:00:00
Description of the security update for SharePoint Enterprise Server 2016: August 13, 2019
2019-08-13 07:00:00
Description of the security update for Outlook 2016: August 13, 2019
2019-08-13 07:00:00
prion
prion
Remote code execution
2019-08-14 21:15:00
Remote code execution
2019-08-14 21:15:00
Information disclosure
2019-08-14 21:15:00
cve
cve
CVE-2019-1205
2019-08-14 21:15:00
CVE-2019-1201
2019-08-14 21:15:00
CVE-2019-1148
2019-08-14 21:15:00
mscve
mscve
Microsoft Office SharePoint XSS Vulnerability
2019-08-13 07:00:00
Microsoft Outlook Remote Code Execution Vulnerability
2019-08-13 07:00:00
Microsoft Word Remote Code Execution Vulnerability
2019-08-13 07:00:00
symantec
symantec
Microsoft Outlook CVE-2019-1204 Remote Privilege Escalation Vulnerability
2019-08-13 00:00:00
Microsoft Outlook CVE-2019-1200 Remote Code Execution Vulnerability
2019-08-13 00:00:00
Microsoft Office SharePoint CVE-2019-1203 Cross Site Scripting Vulnerability
2019-08-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Word Remote Code Execution (CVE-2019-1201)
2019-08-13 00:00:00
Microsoft Office Information Disclosure(CVE-2019-1153)
2020-05-22 00:00:00
Microsoft Outlook Memory Corruption (CVE-2019-1199)
2019-08-13 00:00:00
zdi
zdi
Microsoft Word DOC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
2019-08-13 00:00:00
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2019-08-13 00:00:00
Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability
2019-08-13 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Microsoft
2019-10-09 16:12:09
threatpost
threatpost
Microsoft, Adobe Exploits Top List of Crooks' Wish List
2021-05-18 12:32:46
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
2019-08-13 20:29:10
talosblog
talosblog
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
2019-08-14 09:55:35
kaspersky
kaspersky
KLA11989 Multiple vulnerabilities in Microsoft Products (ESU)
2019-08-13 00:00:00
KLA11534 Multiple vulnerabilities in Microsoft Windows
2019-08-13 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.126 Low

EPSS

Percentile

95.4%

JSON
Related for KLA11536
nessus19openvas21mskb35prion22cve22mscve13symantec13checkpoint_advisories3zdi3githubexploit1threatpost2talosblog1kaspersky2