Rewterz Threat Advisory – CVE-2019-1034 & CVE-2019-1035 – Microsoft Multiple Products Multiple Vulnerabilities

Severity

Medium

Analysis Summary

An error in Microsoft Word software when handling objects in memory can be exploited to execute arbitrary code via a specially crafted file.

Impact

System access

Affected Vendors

Microsoft

Affected Products

• Microsoft Office 2010
• Microsoft Word 2010
• Microsoft Office Web Apps
• Microsoft Word 2013
• Microsoft Word 2013 RT
• Microsoft Office Web Apps 2010
• Microsoft Office 2016 for Mac
• Microsoft Word 2016 / O365
• Microsoft Office Online Server
• Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
• Microsoft Office 2019 / O365
• Microsoft Office 2019 for Mac

Remediation

Apply update.

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=e5d47aa9-47cd-4ac0-9f22-2e28fb70b26b

Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461619):

https://www.microsoft.com/downloads/details.aspx?familyid=0e8131be-b2a3-4a4b-ba78-0385f3bf1186

Microsoft Office Web Apps 2010 Service Pack 2 (KB4461621):

https://www.microsoft.com/downloads/details.aspx?familyid=dfe669b0-1229-471e-bbbb-14055ae57bfd

Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=4aaf564e-d5c4-456a-9bde-ebf0ee8f3755

Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4462178):

https://www.microsoft.com/downloads/details.aspx?familyid=1791deec-13c4-43b1-83f2-f374c74abfc0

Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=82799eb6-ec1d-4177-a595-6899ca546fcb

Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4464590):

https://www.microsoft.com/downloads/details.aspx?familyid=8a40e385-1d51-4983-8b7e-730295964c7e

Microsoft Word 2016 (64-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=9d079df4-bb75-4546-b1b2-420fbcc05066

Microsoft Word 2016 (32-bit edition) (KB4464596):

https://www.microsoft.com/downloads/details.aspx?familyid=fbfb29f2-b9a1-4044-9bdb-8b37be8db0e0

Microsoft Office Online Server (KB4475511):

https://www.microsoft.com/downloads/details.aspx?familyid=fe7e422e-9d87-49c7-b167-1351a6ec6346

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Word 2013 RT Service Pack 1 (KB4464590):

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2016 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for Mac:

https://go.microsoft.com/fwlink/p/?linkid=831049

Microsoft Office 2019 for 64-bit editions:

Apply update (please see the vendor’s service database for details).

Microsoft Office 2019 for 32-bit editions:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 32-bit Systems:

Apply update (please see the vendor’s service database for details).

Office 365 ProPlus for 64-bit Systems:

Apply update (please see the vendor’s service database for details).