Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA49155
HistoryMay 09, 2023 - 12:00 a.m.

KLA49155 Multiple vulnerabilities in Microsoft Office

2023-05-0900:00:00
Kaspersky Lab
threats.kaspersky.com
38

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.42 Medium

EPSS

Percentile

97.2%

JSON

Detect date:

05/09/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office Online Server
Microsoft Teams
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 64-bit editions
Microsoft Word 2016 (64-bit edition)
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Word 2013 RT Service Pack 1
Microsoft Excel 2013 RT Service Pack 1
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft Word 2016 (32-bit edition)
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Word 2013 Service Pack 1 (32-bit editions)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update component usually can be accessed from the Control Panel) and updates from the Update Options section, that are listed in your Office Account (Office Account tab usually can be accessed from the File menu)
Install Office updates

Original advisories:

CVE-2023-29344
CVE-2023-24955
CVE-2023-29333
CVE-2023-24881
CVE-2023-24953
CVE-2023-24950
CVE-2023-24954
CVE-2023-29335

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2023-293447.8Critical
CVE-2023-249557.2High
CVE-2023-293333.3Warning
CVE-2023-248816.5High
CVE-2023-249537.8Critical
CVE-2023-249506.5High
CVE-2023-249546.5High
CVE-2023-293357.5Critical

KB list:

5002372
5002369
5002397
5002386
5002365
5002389
5002390
5002384

Microsoft official advisories:

References

Related

openvas 6
nessus 11
mskb 8
zdi 3
cve 8
prion 8
cvelist 8
mscve 8
cnvd 2
attackerkb 1
talosblog 1
hackread 1
cisa_kev 1
githubexploit 1
packetstorm 1
metasploit 1
thn 3
zdt 1
hivepro 1
qualysblog 1
rapid7blog 2
avleonov 1
openvas
openvas
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2023)
2023-05-10 00:00:00
Microsoft Office 2019 Multiple RCE Vulnerabilities (May 2023) - Mac OS X
2023-05-15 00:00:00
Microsoft Word 2016 Security Feature Bypass Vulnerability (KB5002369)
2023-05-10 00:00:00
nessus
nessus
Security Updates for Microsoft SharePoint Server Subscription Edition (May 2023)
2023-05-10 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (May 2023)
2023-05-10 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (May 2023)
2023-05-10 00:00:00
mskb
mskb
Description of the security update for SharePoint Enterprise Server 2016: May 9, 2023 (KB5002397)
2023-05-09 07:00:00
Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 (KB5002390)
2023-05-09 07:00:00
Description of the security update for SharePoint Server 2019: May 9, 2023 (KB5002389)
2023-05-09 07:00:00
zdi
zdi
(Pwn2Own) Microsoft SharePoint GenerateProxyAssembly Code Injection Remote Code Execution Vulnerability
2023-06-16 00:00:00
(Pwn2Own) Microsoft SharePoint userphoto Information Disclosure Vulnerability
2023-06-16 00:00:00
Microsoft SharePoint AdRotator Improper Input Validation NTLM Relay Vulnerability
2023-05-10 00:00:00
cve
cve
CVE-2023-29335
2023-05-09 18:15:13
CVE-2023-29344
2023-06-05 19:15:10
CVE-2023-29333
2023-05-09 18:15:13
prion
prion
Denial of service
2023-05-09 18:15:00
Remote code execution
2023-06-05 19:15:00
Security feature bypass
2023-05-09 18:15:00
cvelist
cvelist
CVE-2023-29344 Microsoft Office Remote Code Execution Vulnerability
2023-06-05 18:26:41
CVE-2023-29335 Microsoft Word Security Feature Bypass Vulnerability
2023-05-09 17:03:03
CVE-2023-29333 Microsoft Access Denial of Service Vulnerability
2023-05-09 17:03:09
mscve
mscve
Microsoft Office Remote Code Execution Vulnerability
2023-05-09 07:00:00
Microsoft Word Security Feature Bypass Vulnerability
2023-05-09 07:00:00
Microsoft Excel Remote Code Execution Vulnerability
2023-05-09 07:00:00
cnvd
cnvd
Microsoft Excel Code Execution Vulnerability (CNVD-2023-80165)
2023-05-12 00:00:00
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-53466)
2023-05-12 00:00:00
attackerkb
attackerkb
CVE-2023-24955
2023-05-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years
2023-05-09 17:47:29
hackread
hackread
CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)
2024-03-28 17:24:22
cisa_kev
cisa_kev
Microsoft SharePoint Server Code Injection Vulnerability
2024-03-26 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-12-28 09:08:47
packetstorm
packetstorm
Sharepoint Dynamic Proxy Generator Remote Command Execution
2024-03-27 00:00:00
metasploit
metasploit
Sharepoint Dynamic Proxy Generator Unauth RCE
2024-01-19 20:22:22
thn
thn
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
2024-01-12 06:35:00
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability
2024-03-27 13:15:00
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
2023-10-02 08:02:00
zdt
zdt
Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit
2024-03-27 00:00:00
hivepro
hivepro
Active Exploitation of Two Critical Flaws in Microsoft SharePoint
2024-01-15 12:56:34
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review
2023-05-09 21:24:08
rapid7blog
rapid7blog
Patch Tuesday - May 2023
2023-05-09 20:02:02
Metasploit Weekly Wrap-Up 03/29/2024
2024-03-29 18:14:02
avleonov
avleonov
Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE
2023-05-27 22:39:14

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.42 Medium

EPSS

Percentile

97.2%

JSON
Related for KLA49155
openvas6nessus11mskb8zdi3cve8prion8cvelist8mscve8cnvd2attackerkb1talosblog1hackread1cisa_kev1githubexploit1packetstorm1metasploit1thn3zdt1hivepro1qualysblog1rapid7blog2avleonov1