Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12023
HistoryDec 08, 2020 - 12:00 a.m.

KLA12023 Multiple vulnerabilities in Microsoft Office

2020-12-0800:00:00
Kaspersky Lab
threats.kaspersky.com
26

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.674 Medium

EPSS

Percentile

97.9%

JSON

Detect date:

12/08/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information, bypass security restrictions, gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft SharePoint Server 2019
Microsoft PowerPoint 2016 (32-bit edition)
Microsoft Excel 2010 Service Pack 2 (32-bit editions)
Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2016 (64-bit edition)
Office Online Server
Microsoft Office 2019 for Mac
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft Excel 2013 RT Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2016 (64-bit edition)
Microsoft Excel 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 (64-bit edition)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions)
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2016 (32-bit edition)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions)
Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions)
Microsoft Office Online Server
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2016 (32-bit edition)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-17129
CVE-2020-17128
CVE-2020-17115
CVE-2020-17123
CVE-2020-17122
CVE-2020-17121
CVE-2020-17120
CVE-2020-17130
CVE-2020-17126
CVE-2020-17125
CVE-2020-17124
CVE-2020-17127
CVE-2020-17089
CVE-2020-17118
CVE-2020-17119

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2020-171297.8Critical
CVE-2020-171287.8Critical
CVE-2020-171158.0Critical
CVE-2020-171237.8Critical
CVE-2020-171227.8Critical
CVE-2020-171218.8Critical
CVE-2020-171205.3High
CVE-2020-171306.5High
CVE-2020-171265.5High
CVE-2020-171257.8Critical
CVE-2020-171247.8Critical
CVE-2020-171277.8Critical
CVE-2020-170897.1High
CVE-2020-171188.1Critical
CVE-2020-171196.5High

KB list:

4493139
4493138
4486732
4484468
4484372
4484393
4486750
4486753
4486752
4486754
4486757
4486698
4493140
4486748
4493148
4493149
4486696
4486697
4486721
4486742
4486704
4486760
4486751

Microsoft official advisories:

References

Related

openvas 14
nessus 14
mskb 23
thn 1
prion 15
srcincite 2
mscve 15
cve 15
rapid7blog 1
seebug 1
zdi 5
avleonov 1
talos 1
checkpoint_advisories 1
qualysblog 1
threatpost 1
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2020)
2020-12-09 00:00:00
Microsoft Excel 2016 Security Feature Bypass And RCE Vulnerabilities (KB4486754)
2020-12-09 00:00:00
Microsoft Office Multiple Vulnerabilities (Dec 2020) - Mac OS X
2020-12-09 00:00:00
nessus
nessus
Security Updates for Microsoft Excel Products (December 2020)
2020-12-08 00:00:00
Security Updates for Microsoft Excel Products C2R (December 2020)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server 2010 (December 2020)
2020-12-10 00:00:00
mskb
mskb
Description of the security update for Excel 2010: December 8, 2020
2020-12-08 08:00:00
Description of the security update for Excel 2016: December 8, 2020
2020-12-08 08:00:00
Description of the security update for Office Web Apps Server 2013: December 8, 2020
2020-12-08 08:00:00
thn
thn
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
2020-12-09 04:57:00
prion
prion
Spoofing
2020-12-10 00:15:00
Information disclosure
2020-12-10 00:15:00
Remote code execution
2020-12-10 00:15:00
srcincite
srcincite
SRC-2020-0029 : Microsoft SharePoint Server DataFormParameter ParameterBinding Elevation of Privilege Vulnerability
2020-07-14 00:00:00
SRC-2020-0034 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability
2020-08-13 00:00:00
mscve
mscve
Microsoft Excel Remote Code Execution Vulnerability
2020-12-08 08:00:00
Microsoft SharePoint Server Spoofing Vulnerability
2020-12-08 08:00:00
Microsoft SharePoint Information Disclosure Vulnerability
2020-12-08 08:00:00
cve
cve
CVE-2020-17119
2020-12-10 00:15:00
CVE-2020-17118
2020-12-10 00:15:00
CVE-2020-17129
2020-12-10 00:15:00
rapid7blog
rapid7blog
Patch Tuesday - December 2020
2020-12-08 21:36:27
seebug
seebug
Microsoft SharePointδΏ‘ζ―ζ³„ιœ²ζΌζ΄žοΌˆCVE-2020-17120οΌ‰
2021-04-21 00:00:00
zdi
zdi
Microsoft Outlook MSG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2020-12-11 00:00:00
Microsoft PowerPoint PPTX File Use-After-Free Remote Code Execution Vulnerability
2020-12-09 00:00:00
Microsoft Excel XLS File Parsing Integer Signedness Remote Code Execution Vulnerability
2020-12-11 00:00:00
avleonov
avleonov
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
2021-01-11 01:50:44
talos
talos
Microsoft Office ElementType code execution vulnerability
2020-12-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2020-17121)
2020-12-08 00:00:00
qualysblog
qualysblog
December 2020 Patch Tuesday – 58 Vulnerabilities, 9 Critical, Windows Exchange, Hyper-V, SharePoint, Adobe
2020-12-08 20:26:44
threatpost
threatpost
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
2020-12-08 20:23:30

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.674 Medium

EPSS

Percentile

97.9%

JSON
Related for KLA12023
openvas14nessus14mskb23thn1prion15srcincite2mscve15cve15rapid7blog1seebug1zdi5avleonov1talos1checkpoint_advisories1qualysblog1threatpost1