Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11976
HistoryOct 13, 2020 - 12:00 a.m.

KLA11976 Multiple vulnerabilites in Microsoft Office

2020-10-1300:00:00
Kaspersky Lab
threats.kaspersky.com
155

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.901 High

EPSS

Percentile

98.7%

JSON

Detect date:

10/13/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Server 2019
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2013 RT Service Pack 1
3D Viewer
Microsoft Office 2016 (64-bit edition)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Click-to-Run (C2R) for 32-bit editions
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Word 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Word 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office Online Server
Microsoft Word 2016 (32-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Outlook 2016 (32-bit edition)
Microsoft Word 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel Web App 2010 Service Pack 2
Microsoft Excel 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2016
Microsoft Excel 2016 (64-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office 2016 for Mac
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Click-to-Run (C2R) for 64-bit editions

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-16928
CVE-2020-16929
CVE-2020-16941
CVE-2020-16946
CVE-2020-16947
CVE-2020-16944
CVE-2020-16945
CVE-2020-16948
CVE-2020-16949
CVE-2020-16942
CVE-2020-16932
CVE-2020-16952
CVE-2020-16955
CVE-2020-16954
CVE-2020-16951
CVE-2020-16950
CVE-2020-16953
CVE-2020-16934
CVE-2020-16933
CVE-2020-16918
CVE-2020-16957
CVE-2020-16930
CVE-2020-16931

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2020-169187.8Critical
CVE-2020-169287.8Critical
CVE-2020-169297.8Critical
CVE-2020-169414.1Warning
CVE-2020-169468.7Critical
CVE-2020-169477.5Critical
CVE-2020-169448.7Critical
CVE-2020-169458.7Critical
CVE-2020-169486.5High
CVE-2020-169494.7Warning
CVE-2020-169424.1Warning
CVE-2020-169327.8Critical
CVE-2020-169528.6Critical
CVE-2020-169557.8Critical
CVE-2020-169547.8Critical
CVE-2020-169518.6Critical
CVE-2020-169505.0Warning
CVE-2020-169536.5High
CVE-2020-169347.0High
CVE-2020-169337.0High
CVE-2020-169577.8Critical
CVE-2020-169307.8Critical
CVE-2020-169317.8Critical

KB list:

4486682
4486678
4484417
4486676
4486694
4486707
4486701
4486687
4486708
4486677
4486674
4486688
4484524
4486663
4486689
4484531
4486700
4486679
4486695
4486703
4484435
4486692
4462175
4486671

Microsoft official advisories:

References

Related

openvas 16
mskb 24
nessus 14
rapid7blog 2
attackerkb 1
prion 23
qualysblog 1
mscve 23
cve 23
metasploit 1
zdi 7
checkpoint_advisories 2
cisa 1
packetstorm 1
srcincite 2
githubexploit 2
zdt 1
nuclei 1
kaspersky 1
krebs 1
threatpost 1
thn 1
avleonov 1
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2020)
2020-10-14 00:00:00
Microsoft Excel 2010 Remote Code Execution Vulnerabilities (KB4486707)
2020-10-14 00:00:00
Microsoft Excel 2016 Remote Code Execution Vulnerabilities (KB4486678)
2020-10-14 00:00:00
mskb
mskb
Description of the security update for SharePoint Enterprise Server 2016: October 13, 2020
2020-10-13 07:00:00
Description of the security update for SharePoint Server 2019: October 13, 2020
2020-10-13 07:00:00
Description of the security update for SharePoint Foundation 2013: October 13, 2020
2020-10-13 07:00:00
nessus
nessus
Security Updates for Microsoft SharePoint Server 2013 (October 2020)
2020-10-13 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (October 2020)
2020-10-13 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (October 2020)
2020-10-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - October 2020
2020-10-13 23:25:39
Metasploit Wrap-Up
2020-10-23 18:56:55
attackerkb
attackerkb
CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities
2020-10-16 00:00:00
prion
prion
Information disclosure
2020-10-16 23:15:00
Remote code execution
2020-10-16 23:15:00
Remote code execution
2020-10-16 23:15:00
qualysblog
qualysblog
October 2020 Patch Tuesday – 87 Vulnerabilities, 11 Critical, SharePoint, TCP/IP Stack, Graphics, Adobe Vulns
2020-10-13 18:52:03
mscve
mscve
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
2020-10-13 07:00:00
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
2020-10-13 07:00:00
Microsoft SharePoint Information Disclosure Vulnerability
2020-10-13 07:00:00
cve
cve
CVE-2020-16955
2020-10-16 23:15:00
CVE-2020-16918
2020-10-16 23:15:00
CVE-2020-16934
2020-10-16 23:15:00
metasploit
metasploit
Microsoft SharePoint Server-Side Include and ViewState RCE
2020-10-14 22:45:15
zdi
zdi
Microsoft Excel XLS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-10-19 00:00:00
Microsoft Outlook HTML Email Heap-based Buffer Overflow Remote Code Execution Vulnerability
2020-10-19 00:00:00
Microsoft Excel XLS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
2020-10-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2020-16952)
2020-10-20 00:00:00
Microsoft SharePoint Server Remote Code Execution (CVE-2020-16951)
2020-12-29 00:00:00
cisa
cisa
NCSC Releases Alert on Microsoft SharePoint Vulnerability
2020-10-16 00:00:00
packetstorm
packetstorm
Microsoft SharePoint SSI / ViewState Remote Code Execution
2020-10-19 00:00:00
srcincite
srcincite
SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability
2020-07-06 00:00:00
SRC-2020-0024 : Microsoft SharePoint Server TOCTOU ControlParameter Binding Remote Code Execution Vulnerability
2020-08-13 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Microsoft
2020-11-21 08:58:32
Exploit for Out-of-bounds Write in Microsoft
2020-10-15 14:32:25
zdt
zdt
Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit
2020-10-19 00:00:00
nuclei
nuclei
Microsoft SharePoint - Remote Code Execution
2020-10-14 08:49:48
kaspersky
kaspersky
KLA11974 ACE vulnerabilities in Microsoft Apps
2020-10-13 00:00:00
krebs
krebs
Microsoft Patch Tuesday, October 2020 Edition
2020-10-13 20:10:36
threatpost
threatpost
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
2020-10-13 20:44:01
thn
thn
Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
2020-10-14 10:10:00
avleonov
avleonov
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
2021-01-11 01:50:44

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.901 High

EPSS

Percentile

98.7%

JSON
Related for KLA11976
openvas16mskb24nessus14rapid7blog2attackerkb1prion23qualysblog1mscve23cve23metasploit1zdi7checkpoint_advisories2cisa1packetstorm1srcincite2githubexploit2zdt1nuclei1kaspersky1krebs1threatpost1thn1avleonov1