Microsoft Office Multiple Vulnerabilities

Reference: CERT.be Advisory #2018-009
Version: 2018-009
Affected software: Microsoft Office
Type: Vulnerabilities

Risks

Excel (CVE-2018-0920): remote execution flaw
VBScript (CVE-2018-1004): remote execution flaw
.RTF files handled by apps (CVE-2018-0950): information disclosure bug
.docx and RTF formats (CVE-2017-8570): remote execution flaw

Summary

Excel (CVE-2018-0920)

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user opens a specially crafted file with an affected version of Microsoft Excel.

VBScript (CVE-2018-1004)

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.

RTF files handled by apps (CVE-2018-0950)

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

.docx and RTF formats (CVE-2017-8570)

This concerns document-based attacks targeting inboxes that do not require the user to enable macros in order to trigger an infection and deliver malware. The attacks can evade anti-virus solutions because no malicious content or rogue links are detected in the document. Instead, the attack relies on a remotely hosted malicious object. Design flaws in the .docx and RTF document formats are being exploited, in combination with the abuse of unpatched instances of a remote code execution vulnerability (CVE-2017-8570).
To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Office software.
An attacker who successfully exploited this vulnerability could use this specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
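
A defensive check for the remotely hosted object described above, as an added example that is not part of the CERT.be advisory: this Python script lists the relationships in a .docx package that point outside the file. It assumes the remote object is referenced through an OOXML relationship marked TargetMode="External" (the advisory does not state the mechanism); the function names, size limit and sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumption (not from the advisory): remote objects are referenced through
# OOXML relationships marked TargetMode="External".
PKG_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # skip oversized .rels parts instead of inflating them

def external_targets(docx_bytes):
    """List (rels part, relationship kind, target) for every relationship
    in the package that points outside the file."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART:
                continue
            data = pkg.read(info)
            if b"<!DOCTYPE" in data:  # .rels parts never need a DTD; do not parse
                found.append((info.filename, "dtd-present", ""))
                continue
            for rel in ET.fromstring(data).iter(PKG_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((info.filename, kind, rel.get("Target", "")))
    return found

def needs_review(docx_bytes):
    """External references other than click-to-follow hyperlinks."""
    return [t for t in external_targets(docx_bytes) if t[1] != "hyperlink"]

def make_sample():
    """Constructed test document: one linked object, one ordinary hyperlink."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{DOC_REL}oleObject" '
        'Target="http://files.example.invalid/object" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{DOC_REL}hyperlink" '
        'Target="https://www.example.org/" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{DOC_REL}styles" Target="styles.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in needs_review(make_sample()):
        print(f"{part}: {kind} -> {target}")
```

A hit from needs_review is a reason to quarantine the attachment for analysis, not proof of malice: linked images and attached templates are legitimate uses of external relationships.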

Recommended action

Patch your application(s) and system(s) as soon as possible.
More info and patches are available below in the references section.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2...
https://threatpost.com/word-attachment-delivers-formbook-malware-no-macr...