Vulnerability

CERT-In Vulnerability Note CIVN-2018-0211
Multiple Vulnerabilities in Microsoft Office

Original Issue Date:December 12, 2018

Severity Rating: HIGH

Software Affected

Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Office 2019 for 32-bit and 64-bit editions
Microsoft Outlook 2010 Service Pack 2 (32-bit and 64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1 (32-bit and 64-bit editions)
Microsoft Outlook 2016 (32-bit and 64-bit editions)
Office 365 ProPlus for 32-bit and 64-bit Systems
Microsoft Excel 2010 Service Pack 2 (32-bit and 64-bit editions)
Microsoft Excel 2013 Service Pack 1 (32-bit and 64-bit editions)
Microsoft Excel 2016 (32-bit and 64-bit editions)
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit and 64-bit editions)
Microsoft Office 2016 for Mac
Microsoft Office 2019 for 32-bit and 64-bit editions
Microsoft Office 2019 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 SP1 and SP2
Microsoft PowerPoint Viewer

Overview

Multiple vulnerabilities have been reported in Microsoft Office which could allow an attacker to gain elevated privileges, obtain sensitive information, remote code execution or cross site search attacks.

Description

1. Microsoft SharePoint Information Disclosure Vulnerability ( CVE-2018-8580   )

This vulnerability exists in Microsoft SharePoint due to insufficient CSRF protections in certain modes of the search function. A remote attacker could exploit this vulnerability by enticing a user to visit the specially crafted HTML page or URL and incite the browser, through standard browser functionality, to invoke the search queries as the logged-in user.
Successful exploitation of this vulnerability could allow the attacker to discover facts about document, by issuing targeted queries as the logged-in user.

2. Microsoft Outlook Remote Code Execution Vulnerability ( CVE-2018-8587   )

A Remote Code Execution vulnerability exists in Microsoft Outlook due to its failure to properly handle objects in memory. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted link or convincing the user to open a malicious attachment sent via email.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the security context of the currently logged-in user.

3. Microsoft Excel Remote Code Execution Vulnerability ( CVE-2018-8597   )

This vulnerability exists in Microsoft Excel due to its failure to properly handle objects in memory. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted link or convincing the user to open a malicious attachment sent via email.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the security context of the currently logged-in user.

4. Microsoft Excel Information Disclosure Vulnerability ( CVE-2018-8598   )

This vulnerability exists due to improper memory operations that are performed by the affected software. A remote attacker could exploit the vulnerability by persuading a user to access a file that submits malicious input to the affected software.
Successful exploitation of this vulnerability could allow a remote attacker to access sensitive information.

5. Microsoft Excel Information Disclosure Vulnerability ( CVE-2018-8627   )

An Information Disclosure vulnerability exists due to a boundary error when processing Microsoft Excel files that could expose memory content. An attacker could exploit the vulnerability by enticing a user to access a malicious file to the affected software.
Successful exploit could allow the attacker to access sensitive information, which could be used to conduct additional attacks on a targeted system.

6. Microsoft PowerPoint Remote Code Execution Vulnerability ( CVE-2018-8628   )

A Remote Code Execution vulnerability exists in Microsoft PowerPoint due to improper memory operations performed by the affected software. An attacker could exploit this vulnerability by enticing a user to open a specially crafted malicious file.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.

7. Microsoft SharePoint Server Elevation of Privilege Vulnerability ( CVE-2018-8635   )

This vulnerability exists in Microsoft SharePoint Server due to improper sanitization of a crafted web request to an affected SharePoint server. A remote attacker could exploit this vulnerability by sending a specially crafted request to execute malicious code on a vulnerable server in the context of the SharePoint application pool account.
Successful exploitation of this vulnerability could allow the attacker to gain elevated privileges on the targeted system.

8. Microsoft Office SharePoint XSS Vulnerability ( CVE-2018-8650   )

This vulnerability exists in Microsoft SharePoint Server due to improper handling of specially crafted web requests. An authenticated remote attacker could exploit this vulnerability by sending a specially crafted web request to an affected system.
Successful exploitation of this vulnerability could allow the attacker to perform the cross site scripting attacks and execute arbitrary scripting code by the affected users� browser on the targeted system.

Solution

Apply appropriate software fixes as available on the vendor website.
https://portal.msrc.microsoft.com/en-US/security-guidance

Vendor Information

Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance

References

Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=59281
https://tools.cisco.com/security/center/viewAlert.x?alertId=59282

CVE Name
CVE-2018-8580
CVE-2018-8587
CVE-2018-8597
CVE-2018-8636
CVE-2018-8598
CVE-2018-8627
CVE-2018-8628
CVE-2018-8635
CVE-2018-8650

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India