Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12175
HistoryMay 11, 2021 - 12:00 a.m.

KLA12175 Multiple vulnerabilities in Microsoft Office

2021-05-1100:00:00
Kaspersky Lab
threats.kaspersky.com
49

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.283 Low

EPSS

Percentile

96.8%

JSON

Detect date:

05/11/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Office Online Server
Microsoft SharePoint Enterprise Server 2016
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Skype for Business Server 2015 CU11
Microsoft Office 2019 for 32-bit editions
Microsoft Excel 2016 (64-bit edition)
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Skype for Business Server 2019 CU5
Microsoft Office 2019 for Mac
Microsoft Excel 2013 RT Service Pack 1
Microsoft Word 2016 (32-bit edition)
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Lync Server 2013 CU10
Microsoft Excel 2016 (32-bit edition)
Microsoft SharePoint Server 2019
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Word 2013 Service Pack 1 (32-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-31181
CVE-2021-26421
CVE-2021-26422
CVE-2021-31178
CVE-2021-28455
CVE-2021-26418
CVE-2021-31179
CVE-2021-31180
CVE-2021-28478
CVE-2021-28474
CVE-2021-31172
CVE-2021-31177
CVE-2021-31173
CVE-2021-31176
CVE-2021-31174
CVE-2021-31175
CVE-2021-31171

Impacts:

ACE

Related products:

Microsoft Lync

CVE-IDS:

CVE-2021-284558.8Critical
CVE-2021-311818.8Critical
CVE-2021-264216.5High
CVE-2021-264227.2High
CVE-2021-311785.5High
CVE-2021-264184.6Warning
CVE-2021-311797.8Critical
CVE-2021-311807.8Critical
CVE-2021-284787.6Critical
CVE-2021-284748.8Critical
CVE-2021-311727.1High
CVE-2021-311777.8Critical
CVE-2021-311735.3High
CVE-2021-311767.8Critical
CVE-2021-311745.5High
CVE-2021-311757.8Critical
CVE-2021-311714.1Warning

Microsoft official advisories:

KB list:

5001914
5001931
5001919
5001917
4493197
5003729
4464542
5001920
5001927
5001923
4493206
5001918
5001916
5001928
5001936
5001925
5001935
4504711
4484527

References

Related

nessus 22
mskb 33
openvas 20
thn 1
rapid7blog 2
prion 17
cve 17
mscve 17
cnvd 3
srcincite 1
seebug 2
zdi 5
attackerkb 1
metasploit 1
checkpoint_advisories 1
packetstorm 1
zdt 1
qualysblog 1
threatpost 2
kaspersky 2
avleonov 1
nessus
nessus
Security Updates for Microsoft Office Products C2R (May 2021)
2022-06-10 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (May 2021)
2021-05-11 00:00:00
Security Updates for Microsoft Office Products (May 2021)
2021-05-11 00:00:00
mskb
mskb
Description of the security update for SharePoint Foundation 2013: May 11, 2021 (KB5001935)
2021-05-11 07:00:00
Description of the security update for SharePoint Server 2019: May 11, 2021 (KB5001916)
2021-05-11 07:00:00
Description of the security update for SharePoint Enterprise Server 2016: May 11, 2021 (KB5001917)
2021-05-11 07:00:00
openvas
openvas
Microsoft Office 2016 Remote Code Execution Vulnerabilities (KB5001923)
2021-05-12 00:00:00
Microsoft Office Remote Code Execution Vulnerabilities (KB5001927)
2021-05-12 00:00:00
Microsoft Excel 2016 Multiple Vulnerabilities (KB5001918)
2021-05-12 00:00:00
thn
thn
New UAF Vulnerability Affecting Microsoft Office to be Patched Today
2021-06-08 10:31:00
rapid7blog
rapid7blog
Patch Tuesday - May 2021
2021-05-11 23:44:00
Metasploit Wrap-Up
2021-06-18 16:46:21
prion
prion
Spoofing
2021-05-11 19:15:00
Information disclosure
2021-05-11 19:15:00
Information disclosure
2021-05-11 19:15:00
cve
cve
CVE-2021-28474
2021-05-11 19:15:00
CVE-2021-31171
2021-05-11 19:15:00
CVE-2021-31172
2021-05-11 19:15:00
mscve
mscve
Microsoft SharePoint Information Disclosure Vulnerability
2021-05-11 07:00:00
Microsoft SharePoint Server Remote Code Execution Vulnerability
2021-05-11 07:00:00
Microsoft Office Remote Code Execution Vulnerability
2021-05-11 07:00:00
cnvd
cnvd
Microsoft SharePoint Spoofing Vulnerability
2021-05-12 00:00:00
Microsoft SharePoint Server Information Disclosure Vulnerability
2021-05-12 00:00:00
Microsoft SharePoint Remote Code Execution Vulnerability
2021-05-12 00:00:00
srcincite
srcincite
SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability
2020-10-29 00:00:00
seebug
seebug
Microsoft SharePoint远程代码执行漏洞(CVE-2021-31181)
2021-06-03 00:00:00
Microsoft SharePoint Server 远程代码执行漏洞(CVE-2021-28474)
2021-07-12 00:00:00
zdi
zdi
Microsoft SharePoint Server-Side Control Interpretation Conflict Remote Code Execution Vulnerability
2021-05-13 00:00:00
Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability
2021-05-13 00:00:00
Microsoft SharePoint WebPart Interpretation Conflict Remote Code Execution Vulnerability
2021-05-13 00:00:00
attackerkb
attackerkb
CVE-2021-31181
2021-05-11 00:00:00
metasploit
metasploit
Microsoft SharePoint Unsafe Control and ViewState RCE
2021-06-07 17:37:28
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2021-31181)
2021-05-11 00:00:00
packetstorm
packetstorm
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
2021-06-17 00:00:00
zdt
zdt
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution Exploit
2021-06-17 00:00:00
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (May 2021) – Qualys covers 85 Vulnerabilities, 26 Critical
2021-05-11 21:53:37
threatpost
threatpost
Wormable Windows Bug Opens Door to DoS, RCE
2021-05-11 20:05:44
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35
kaspersky
kaspersky
KLA12167 Multiple vulnerabilities in Microsoft Products (ESU)
2021-05-11 00:00:00
KLA12174 Multiple vulnerabilities in Microsoft Windows
2021-05-11 00:00:00
avleonov
avleonov
Vulristics: Microsoft Patch Tuesdays Q2 2021
2021-07-10 00:14:59

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.283 Low

EPSS

Percentile

96.8%

JSON
Related for KLA12175
nessus22mskb33openvas20thn1rapid7blog2prion17cve17mscve17cnvd3srcincite1seebug2zdi5attackerkb1metasploit1checkpoint_advisories1packetstorm1zdt1qualysblog1threatpost2kaspersky2avleonov1