Lucene search

K
kasperskyKaspersky LabKLA11551
HistorySep 10, 2019 - 12:00 a.m.

KLA11551 Multiple vulnerability in Microsoft Office

2019-09-1000:00:00
Kaspersky Lab
threats.kaspersky.com
58

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.042

Percentile

92.2%

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely via IMPORTANTTHING to spoof user interface.
  2. An elevation of privilege vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted request to gain privileges.
  3. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely via specially crafted to execute arbitrary code.
  4. A cross-site-scripting (XSS) vulnerability Microsoft Office SharePoint can be exploited remotely via specially crafted web to spoof user interface.
  5. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  6. A remote code execution vulnerability in Microsoft SharePoint can be exploited remotely to execute arbitrary code.
  7. A security feature bypass vulnerability in Microsoft Office can be exploited remotely via specially crafted document to bypass security restrictions.
  8. An information disclosure vulnerability in Lync 2013 can be exploited remotely to obtain sensitive information.
  9. An information disclosure vulnerability in Microsoft Excel can be exploited remotely to obtain sensitive information.
  10. A spoofing vulnerability in Microsoft SharePoint can be exploited remotely to spoof user interface.
  11. A remote code execution vulnerability in Microsoft Excel can be exploited remotely via specially crafted file to execute arbitrary code.

Original advisories

CVE-2019-1261

CVE-2019-1260

CVE-2019-1257

CVE-2019-1262

CVE-2019-1246

CVE-2019-1295

CVE-2019-1264

CVE-2019-1296

CVE-2019-1209

CVE-2019-1263

CVE-2019-1259

CVE-2019-1297

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Lync

Microsoft-Office

Microsoft-Excel

Microsoft-Lync-Server

CVE list

CVE-2019-1261 high

CVE-2019-1260 warning

CVE-2019-1257 high

CVE-2019-1262 warning

CVE-2019-1246 critical

CVE-2019-1295 high

CVE-2019-1264 high

CVE-2019-1296 high

CVE-2019-1209 warning

CVE-2019-1263 warning

CVE-2019-1259 high

CVE-2019-1297 critical

KB list

4484098

4475590

4475596

4475594

4464557

4484099

4475605

4475599

4475591

4475611

4461631

4464548

4464566

4475583

4475589

4475607

4515509

4475566

4475579

4475574

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2010 Service Pack 2Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Office 2019 for 64-bit editionsWindows 10 Version 1809 for ARM64-based SystemsMicrosoft Office 2013 Service Pack 1 (32-bit editions)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2019 (Server Core installation)Windows 10 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows Server 2016 (Server Core installation)Windows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows Server 2012Windows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 8.1 for x64-based systemsWindows 10 Version 1703 for x64-based SystemsOffice 365 ProPlus for 64-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1803 for x64-based SystemsWindows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsMicrosoft Office 2013 RT Service Pack 1Windows Server 2008 for Itanium-Based Systems Service Pack 2Microsoft Office 2019 for 32-bit editionsWindows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2019Microsoft Office 2010 Service Pack 2 (64-bit editions)Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1709 for 64-based SystemsOffice 365 ProPlus for 32-bit SystemsMicrosoft Office 2016 (32-bit edition)Windows RT 8.1Windows Server 2016Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Microsoft Office 2013 Service Pack 1 (64-bit editions)Windows Server 2012 R2Windows 10 Version 1903 for ARM64-based SystemsMicrosoft Office 2016 (64-bit edition)Microsoft Project 2013 Service Pack 1 (32-bit editions)Microsoft Project 2013 Service Pack 1 (64-bit editions)Microsoft Project 2016 (32-bit edition)Microsoft Project 2010 Service Pack 2 (32-bit editions)Microsoft Project 2016 (64-bit edition)Microsoft Project 2010 Service Pack 2 (64-bit editions)Microsoft Lync Server 2013Microsoft Excel 2016 (32-bit edition)Microsoft Excel 2010 Service Pack 2 (32-bit editions)Microsoft Office 2016 for MacMicrosoft Excel 2016 (64-bit edition)Microsoft Excel 2010 Service Pack 2 (64-bit editions)Microsoft Excel 2013 RT Service Pack 1Microsoft Office 2019 for MacMicrosoft Excel 2013 Service Pack 1 (32-bit editions)Microsoft Excel 2013 Service Pack 1 (64-bit editions)

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.042

Percentile

92.2%