SB2017041209 - Multiple vulnerabilities in Microsoft Office
Published: April 12, 2017
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-0106)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when parsing specially crafted email messages by Microsoft Outlook. A remote unauthenticated attacker can create a specially crafted email message, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
2) Memory corruption (CVE-ID: CVE-2017-0194)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing malicious .xls files. A remote unauthenticated attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in compromise of the vulnerable system.
3) Improper input validation (CVE-ID: CVE-2017-0204)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to improper input validation when parsing malicious files in Microsoft Outlook. A remote unauthenticated attacker can create a specially crafted Word or RTF file, trick the victim into opening it and bypass certain security restrictions.
4) Cross-site scripting (CVE-ID: CVE-2017-0195)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability is caused by incorrect filtration of input data in Microsoft Office Web Apps. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
5) Untrusted search path (CVE-ID: CVE-2017-0197)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the way the application loads .dll libraries. A remote attacker can place a specially crafted .dll file along with a Word document on a remote SMB or WebDAV share, trick the victim into opening that document and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
6) Information disclosure (CVE-ID: CVE-2017-0207)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper HTML tag input validation when parsing malicious files in Microsoft Outlook for Mac. A remote unauthenticated attacker can create a specially crafted email with specific HTML tags, trick the victim into opening it, perform a spoofing attack and access authentication information or login credentials.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0106
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0194
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0204
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0195
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0197
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207