Rewterz Threat Advisory – CVE-2019-1034 – Microsoft SharePoint Server 2010 / 2013 Arbitrary Code Execution Vulnerability
June 12, 2019Rewterz Threat Advisory – Microsoft Edge Multiple Vulnerabilities
June 12, 2019Rewterz Threat Advisory – CVE-2019-1034 – Microsoft SharePoint Server 2010 / 2013 Arbitrary Code Execution Vulnerability
June 12, 2019Rewterz Threat Advisory – Microsoft Edge Multiple Vulnerabilities
June 12, 2019Severity
Medium
Analysis Summary
An error in Microsoft Word software when handling objects in memory can be exploited to execute arbitrary code via a specially crafted file.
Impact
System access
Affected Vendors
Microsoft
Affected Products
- Microsoft Office 2010
- Microsoft Word 2010
- Microsoft Office Web Apps
- Microsoft Word 2013
- Microsoft Word 2013 RT
- Microsoft Office Web Apps 2010
- Microsoft Office 2016 for Mac
- Microsoft Word 2016 / O365
- Microsoft Office Online Server
- Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
- Microsoft Office 2019 / O365
- Microsoft Office 2019 for Mac
Remediation
Apply update.
Microsoft Office 2016 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
Microsoft Office 2019 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
Microsoft Word 2010 Service Pack 2 (64-bit editions) (KB4461619):
https://www.microsoft.com/downloads/details.aspx?familyid=e5d47aa9-47cd-4ac0-9f22-2e28fb70b26b
Microsoft Word 2010 Service Pack 2 (32-bit editions) (KB4461619):
https://www.microsoft.com/downloads/details.aspx?familyid=0e8131be-b2a3-4a4b-ba78-0385f3bf1186
Microsoft Office Web Apps 2010 Service Pack 2 (KB4461621):
https://www.microsoft.com/downloads/details.aspx?familyid=dfe669b0-1229-471e-bbbb-14055ae57bfd
Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4462178):
https://www.microsoft.com/downloads/details.aspx?familyid=4aaf564e-d5c4-456a-9bde-ebf0ee8f3755
Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4462178):
https://www.microsoft.com/downloads/details.aspx?familyid=1791deec-13c4-43b1-83f2-f374c74abfc0
Microsoft Word 2013 Service Pack 1 (64-bit editions) (KB4464590):
https://www.microsoft.com/downloads/details.aspx?familyid=82799eb6-ec1d-4177-a595-6899ca546fcb
Microsoft Word 2013 Service Pack 1 (32-bit editions) (KB4464590):
https://www.microsoft.com/downloads/details.aspx?familyid=8a40e385-1d51-4983-8b7e-730295964c7e
Microsoft Word 2016 (64-bit edition) (KB4464596):
https://www.microsoft.com/downloads/details.aspx?familyid=9d079df4-bb75-4546-b1b2-420fbcc05066
Microsoft Word 2016 (32-bit edition) (KB4464596):
https://www.microsoft.com/downloads/details.aspx?familyid=fbfb29f2-b9a1-4044-9bdb-8b37be8db0e0
Microsoft Office Online Server (KB4475511):
https://www.microsoft.com/downloads/details.aspx?familyid=fe7e422e-9d87-49c7-b167-1351a6ec6346
Microsoft Office 2019 for 64-bit editions:
Apply update (please see the vendor’s service database for details).
Microsoft Office 2019 for 32-bit editions:
Apply update (please see the vendor’s service database for details).
Microsoft Word 2013 RT Service Pack 1 (KB4464590):
Apply update (please see the vendor’s service database for details).
Office 365 ProPlus for 32-bit Systems:
Apply update (please see the vendor’s service database for details).
Office 365 ProPlus for 64-bit Systems:
Apply update (please see the vendor’s service database for details).
Microsoft Office 2016 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
Microsoft Office 2019 for Mac:
https://go.microsoft.com/fwlink/p/?linkid=831049
Microsoft Office 2019 for 64-bit editions:
Apply update (please see the vendor’s service database for details).
Microsoft Office 2019 for 32-bit editions:
Apply update (please see the vendor’s service database for details).
Office 365 ProPlus for 32-bit Systems:
Apply update (please see the vendor’s service database for details).
Office 365 ProPlus for 64-bit Systems:
Apply update (please see the vendor’s service database for details).