Search criteria
297 vulnerabilities found for office by microsoft
CERTFR-2026-AVI-0089
Vulnerability from certfr_avis - Published: 2026-01-27 - Updated: 2026-01-27
Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Microsoft indique que la vulnérabilité CVE-2026-21509 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21509",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21509"
}
],
"initial_release_date": "2026-01-27T00:00:00",
"last_revision_date": "2026-01-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0089",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Office. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2026-21509 est activement exploit\u00e9e.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-21509",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509"
}
]
}
CERTFR-2026-AVI-0043
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20083 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office Deployment Tool versions antérieures à 16.0.19426.20170 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.105.26011018 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.105.26011018 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5535.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20083",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Deployment Tool versions ant\u00e9rieures \u00e0 16.0.19426.20170",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.105.26011018",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.105.26011018",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5535.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20957"
},
{
"name": "CVE-2026-20943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20943"
},
{
"name": "CVE-2026-20948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20948"
},
{
"name": "CVE-2026-20956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20956"
},
{
"name": "CVE-2026-20955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20955"
},
{
"name": "CVE-2026-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20952"
},
{
"name": "CVE-2026-20950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20950"
},
{
"name": "CVE-2026-20949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20949"
},
{
"name": "CVE-2026-20946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20946"
},
{
"name": "CVE-2026-20953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20953"
},
{
"name": "CVE-2026-20944",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20944"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0043",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20953",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20953"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20949",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20949"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20956",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20956"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20946",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20946"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20955",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20955"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20950",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20950"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20957",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20957"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20944",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20944"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20952",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20952"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20943",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20943"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2026-20948",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20948"
}
]
}
CERTFR-2025-AVI-1091
Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur informe que les correctifs de sécurité de Microsoft Office LTSC pour Mac 2021 et 2024 ne sont pas publiés pour le moment. Leur disponibilité sera annoncée par la mise à jour des avis éditeurs associés.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5530.1001 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20075 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 32 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 64 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5530.1000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5530.1001 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.19530.20000 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20075",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5530.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19530.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur informe que les correctifs de s\u00e9curit\u00e9 de Microsoft Office LTSC pour Mac 2021 et 2024 ne sont pas publi\u00e9s pour le moment. Leur disponibilit\u00e9 sera annonc\u00e9e par la mise \u00e0 jour des avis \u00e9diteurs associ\u00e9s.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62554"
},
{
"name": "CVE-2025-62562",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62562"
},
{
"name": "CVE-2025-62555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62555"
},
{
"name": "CVE-2025-62558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62558"
},
{
"name": "CVE-2025-62552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62552"
},
{
"name": "CVE-2025-62561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62561"
},
{
"name": "CVE-2025-62556",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62556"
},
{
"name": "CVE-2025-62560",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62560"
},
{
"name": "CVE-2025-62553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62553"
},
{
"name": "CVE-2025-62563",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62563"
},
{
"name": "CVE-2025-62564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62564"
},
{
"name": "CVE-2025-62557",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62557"
},
{
"name": "CVE-2025-62559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62559"
}
],
"initial_release_date": "2025-12-10T00:00:00",
"last_revision_date": "2025-12-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1091",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62558",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62558"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62554",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62554"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62557",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62557"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62559",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62559"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62564",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62564"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62553",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62553"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62555",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62555"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62563",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62563"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62556",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62556"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62552",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62552"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62562",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62562"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62560",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62560"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62561",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62561"
}
]
}
CERTFR-2025-AVI-0995
Vulnerability from certfr_avis - Published: 2025-11-12 - Updated: 2025-11-12
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.103.25110922 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5526.1000 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.19426.20044 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5526.1003 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20068 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.103.25110922 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5526.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5526.1003 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.103.25110922",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5526.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19426.20044",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5526.1003",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20068",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.103.25110922",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5526.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5526.1003",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-60728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60728"
},
{
"name": "CVE-2025-59240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59240"
},
{
"name": "CVE-2025-60724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60724"
},
{
"name": "CVE-2025-62216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62216"
},
{
"name": "CVE-2025-60727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60727"
},
{
"name": "CVE-2025-62205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62205"
},
{
"name": "CVE-2025-62199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62199"
},
{
"name": "CVE-2025-62200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62200"
},
{
"name": "CVE-2025-62203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62203"
},
{
"name": "CVE-2025-62202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62202"
},
{
"name": "CVE-2025-62201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62201"
},
{
"name": "CVE-2025-60726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60726"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0995",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62216",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62216"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62199",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62199"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-60726",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60726"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62202",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62202"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62205",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62205"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-60727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60727"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62200",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62200"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62203",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62203"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-60724",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60724"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-60728",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60728"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59240",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59240"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-62201",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62201"
}
]
}
CERTFR-2025-AVI-0878
Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.102.25101223 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20059 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 32 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 64 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.19328.20000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5522.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.102.25101223 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5522.1000 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.102.25101223",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20059",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19328.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.102.25101223",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5522.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59235"
},
{
"name": "CVE-2025-59227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59227"
},
{
"name": "CVE-2025-59224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59224"
},
{
"name": "CVE-2025-59232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59232"
},
{
"name": "CVE-2025-59223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59223"
},
{
"name": "CVE-2025-59226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59226"
},
{
"name": "CVE-2025-59229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59229"
},
{
"name": "CVE-2025-59225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59225"
},
{
"name": "CVE-2025-59233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59233"
},
{
"name": "CVE-2025-59231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59231"
},
{
"name": "CVE-2025-59236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59236"
},
{
"name": "CVE-2025-59238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59238"
},
{
"name": "CVE-2025-59221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59221"
},
{
"name": "CVE-2025-59243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59243"
},
{
"name": "CVE-2025-59234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59234"
},
{
"name": "CVE-2025-59222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59222"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0878",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59232",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59232"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59229",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59229"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59235",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59235"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59234",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59234"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59222",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59222"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59238",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59238"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59223"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59226"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59227"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59221"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59243"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59236",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59236"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59233"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59225",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59225"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59224",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59224"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-59231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59231"
}
]
}
CERTFR-2025-AVI-0686
Vulnerability from certfr_avis - Published: 2025-08-13 - Updated: 2025-08-13
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.100.25081015 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.19127.20000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 sans les derniers correctifs de sécurité pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 sans les derniers correctifs de sécurité pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 sans les derniers correctifs de sécurité pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.100.25081015 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 sans les derniers correctifs de sécurité pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office pour applications universelles versions antérieures à 16.0.14326.22618 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft Office 2019 sans les derniers correctifs de sécurité pour éditions 64 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise sans les derniers correctifs de sécurité pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20034 | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5513.1000 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise sans les derniers correctifs de sécurité pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 sans les derniers correctifs de sécurité pour éditions 64 bits | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5513.1000 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.100.25081015",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.19127.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 32 bits ",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.100.25081015",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour applications universelles versions ant\u00e9rieures \u00e0 16.0.14326.22618",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise sans les derniers correctifs de s\u00e9curit\u00e9 pour syst\u00e8mes 32 bits ",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20034",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise sans les derniers correctifs de s\u00e9curit\u00e9 pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 sans les derniers correctifs de s\u00e9curit\u00e9 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5513.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53740"
},
{
"name": "CVE-2025-53759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53759"
},
{
"name": "CVE-2025-53735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53735"
},
{
"name": "CVE-2025-53736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53736"
},
{
"name": "CVE-2025-53739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53739"
},
{
"name": "CVE-2025-53741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53741"
},
{
"name": "CVE-2025-53731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53731"
},
{
"name": "CVE-2025-53784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53784"
},
{
"name": "CVE-2025-53737",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53737"
},
{
"name": "CVE-2025-53733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53733"
},
{
"name": "CVE-2025-53761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53761"
},
{
"name": "CVE-2025-53738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53738"
},
{
"name": "CVE-2025-53734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53734"
},
{
"name": "CVE-2025-53766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53766"
},
{
"name": "CVE-2025-53732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53732"
},
{
"name": "CVE-2025-53730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53730"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0686",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53736",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53736"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53734",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53734"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53732",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53732"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53759",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53759"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53761",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53761"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53733",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53733"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53739",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53739"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53741",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53741"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53730",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53730"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53784",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53784"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53766",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53766"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53737",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53737"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53740",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53735",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53735"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-53738",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53738"
}
]
}
CERTFR-2025-AVI-0498
Vulnerability from certfr_avis - Published: 2025-06-11 - Updated: 2025-06-11
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.98.25060824 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.18925.20000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.98.25060824 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5504.1000 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20018 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.98.25060824",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.18925.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.98.25060824",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5504.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20018",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32717"
},
{
"name": "CVE-2025-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47169"
},
{
"name": "CVE-2025-47162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47162"
},
{
"name": "CVE-2025-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47175"
},
{
"name": "CVE-2025-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47171"
},
{
"name": "CVE-2025-47165",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47165"
},
{
"name": "CVE-2025-47164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47164"
},
{
"name": "CVE-2025-47174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47174"
},
{
"name": "CVE-2025-47167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47167"
},
{
"name": "CVE-2025-47168",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47168"
},
{
"name": "CVE-2025-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47176"
},
{
"name": "CVE-2025-47170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47170"
},
{
"name": "CVE-2025-47173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47173"
},
{
"name": "CVE-2025-47957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47957"
},
{
"name": "CVE-2025-47953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47953"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0498",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47167",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47167"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47162",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47168",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47168"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47170",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47170"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47957",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47957"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47174",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47174"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47165",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47165"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47953",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47953"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47173",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47173"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47175",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47175"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-32717",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47169",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47169"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47171",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47171"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-47164",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47164"
}
]
}
CERTFR-2025-AVI-0404
Vulnerability from certfr_avis - Published: 2025-05-14 - Updated: 2025-05-14
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5500.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5500.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5500.1001 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5500.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.97.25042725 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.97.25042725 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5500.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5500.1001 | ||
| Microsoft | Office | Microsoft Office pour Universal versions antérieures à 16.0.14326.22502 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5500.1002 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20010 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5500.1002 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.18827.20000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.97.25042725",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.97.25042725",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Universal versions ant\u00e9rieures \u00e0 16.0.14326.22502",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20010",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5500.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.18827.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32704"
},
{
"name": "CVE-2025-30377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30377"
},
{
"name": "CVE-2025-29979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29979"
},
{
"name": "CVE-2025-30381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30381"
},
{
"name": "CVE-2025-29977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29977"
},
{
"name": "CVE-2025-30386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30386"
},
{
"name": "CVE-2025-29978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29978"
},
{
"name": "CVE-2025-30376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30376"
},
{
"name": "CVE-2025-30379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30379"
},
{
"name": "CVE-2025-32705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32705"
},
{
"name": "CVE-2025-30375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30375"
},
{
"name": "CVE-2025-30393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30393"
},
{
"name": "CVE-2025-30388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30388"
},
{
"name": "CVE-2025-30383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30383"
}
],
"initial_release_date": "2025-05-14T00:00:00",
"last_revision_date": "2025-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30375",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30375"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30377",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30377"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30379",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30379"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30381",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30381"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29979",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29979"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30393",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30393"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29978",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29978"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29977"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30383",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30383"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-32704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32704"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30386",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30386"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-32705",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32705"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30388",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30388"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-30376",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30376"
}
]
}
CERTFR-2025-AVI-0287
Vulnerability from certfr_avis - Published: 2025-04-09 - Updated: 2025-04-09
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft OneNote pour Mac versions antérieures à 16.96.25033028 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft OneNote 2016 (édition 64 bits) versions antérieures à 16.0.5495.1001 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 | ||
| Microsoft | Office | Microsoft Access 2016 (édition 64 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Microsoft OneNote 2016 (édition 32 bits) versions antérieures à 16.0.5495.1001 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 32 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10417.20003 | ||
| Microsoft | Office | Microsoft Office pour Universal versions antérieures à 16.0.14326.22331 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.18730.20000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5495.1002 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5495.1002 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5495.1000 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5495.1002 | ||
| Microsoft | Office | Microsoft Outlook pour Android versions antérieures à 4.2509.0 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5495.1002 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft OneNote pour Mac versions ant\u00e9rieures \u00e0 16.96.25033028",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10417.20003",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Universal versions ant\u00e9rieures \u00e0 16.0.14326.22331",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.18730.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Android versions ant\u00e9rieures \u00e0 4.2509.0",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5495.1002",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27749"
},
{
"name": "CVE-2025-27746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27746"
},
{
"name": "CVE-2025-27751",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27751"
},
{
"name": "CVE-2025-27745",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27745"
},
{
"name": "CVE-2025-29816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29816"
},
{
"name": "CVE-2025-29805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29805"
},
{
"name": "CVE-2025-27748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27748"
},
{
"name": "CVE-2025-27747",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27747"
},
{
"name": "CVE-2025-27750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27750"
},
{
"name": "CVE-2025-29823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29823"
},
{
"name": "CVE-2025-29822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29822"
},
{
"name": "CVE-2025-29820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29820"
},
{
"name": "CVE-2025-29792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29792"
},
{
"name": "CVE-2025-27744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27744"
},
{
"name": "CVE-2025-26687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26687"
},
{
"name": "CVE-2025-29791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29791"
},
{
"name": "CVE-2025-27752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27752"
},
{
"name": "CVE-2025-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26642"
}
],
"initial_release_date": "2025-04-09T00:00:00",
"last_revision_date": "2025-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0287",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29816"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29820",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29820"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27749",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27749"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27744",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27744"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27751",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27751"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27752",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27752"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27746",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27746"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29822",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29822"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27747",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29823",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29823"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-26687",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26687"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-26642",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26642"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29792",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29792"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29791",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29791"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27745",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27745"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27748",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27748"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-27750",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27750"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-29805",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29805"
}
]
}
CERTFR-2025-AVI-0231
Vulnerability from certfr_avis - Published: 2025-03-21 - Updated: 2025-03-21
Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.95.25030928 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.95.25030928 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5491.1001 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5491.1001 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.95.25030928",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.95.25030928",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5491.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5491.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24057"
}
],
"initial_release_date": "2025-03-21T00:00:00",
"last_revision_date": "2025-03-21T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Office. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-24057",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24057"
}
]
}
CERTFR-2025-AVI-0038
Vulnerability from certfr_avis - Published: 2025-01-15 - Updated: 2025-01-15
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office pour Mac versions antérieures à 16.93.25011212 | ||
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10416.20047 | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) versions antérieures à 16.0.5483.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Access 2016 (édition 32 bits) versions antérieures à 16.0.5483.1001 | ||
| Microsoft | Office | Microsoft Outlook pour Mac versions antérieures à 16.93 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5483.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5483.1001 | ||
| Microsoft | Office | Microsoft Office pour iOS versions antérieures à 2.93.24123014 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5483.1001 | ||
| Microsoft | Office | Microsoft Office pour Universal versions antérieures à 16.0.14326.22175 | ||
| Microsoft | Office | Microsoft Access 2016 (édition 64 bits) versions antérieures à 16.0.5483.1001 | ||
| Microsoft | Office | Microsoft Office pour Android versions antérieures à 16.0.18429.20000 | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.93.25011212 | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) versions antérieures à 16.0.5483.1000 | ||
| Microsoft | Office | Microsoft OneNote pour Mac versions antérieures à 16.92.24120731 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5483.1000 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.93.25011212 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Mac versions ant\u00e9rieures \u00e0 16.93.25011212",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10416.20047",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Mac versions ant\u00e9rieures \u00e0 16.93",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour iOS versions ant\u00e9rieures \u00e0 2.93.24123014",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Universal versions ant\u00e9rieures \u00e0 16.0.14326.22175",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Android versions ant\u00e9rieures \u00e0 16.0.18429.20000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.93.25011212",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote pour Mac versions ant\u00e9rieures \u00e0 16.92.24120731",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5483.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.93.25011212",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-21395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21395"
},
{
"name": "CVE-2025-21361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21361"
},
{
"name": "CVE-2025-21357",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21357"
},
{
"name": "CVE-2025-21186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21186"
},
{
"name": "CVE-2025-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21346"
},
{
"name": "CVE-2025-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21362"
},
{
"name": "CVE-2025-21338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21338"
},
{
"name": "CVE-2025-21354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21354"
},
{
"name": "CVE-2025-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21363"
},
{
"name": "CVE-2025-21364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21364"
},
{
"name": "CVE-2025-21402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21402"
},
{
"name": "CVE-2025-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21345"
},
{
"name": "CVE-2025-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21365"
},
{
"name": "CVE-2025-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21366"
},
{
"name": "CVE-2025-21356",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21356"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0038",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21357",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21357"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21186"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21356",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21356"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21354",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21354"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21402",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21402"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21395",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21395"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21345",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21345"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21338",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21338"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21346",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21346"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21366",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21366"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21363",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21363"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21361",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21365",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21365"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21364",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21364"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2025-21362",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362"
}
]
}
CERTFR-2024-AVI-0974
Vulnerability from certfr_avis - Published: 2024-11-13 - Updated: 2024-11-13
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2024 versions antérieures à 16.91.24111020 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5474.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Excel 2016 Click-to-Run (C2R) pour éditions 32 bits versions antérieures à 16.0.5474.1001 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.91.24111020 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5474.1001 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5474.1000 | ||
| Microsoft | Office | Microsoft Office Online Server versions antérieures à 16.0.10416.20007 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Excel 2016 Click-to-Run (C2R) pour éditions 64 bits versions antérieures à 16.0.5474.1001 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) versions antérieures à 16.0.5474.1000 | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) versions antérieures à 16.0.5474.1000 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5474.1001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2024 versions ant\u00e9rieures \u00e0 16.91.24111020",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 Click-to-Run (C2R) pour \u00e9ditions 32 bits versions ant\u00e9rieures \u00e0 16.0.5474.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.91.24111020",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server versions ant\u00e9rieures \u00e0 16.0.10416.20007",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 Click-to-Run (C2R) pour \u00e9ditions 64 bits versions ant\u00e9rieures \u00e0 16.0.5474.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5474.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49029",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49029"
},
{
"name": "CVE-2024-49028",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49028"
},
{
"name": "CVE-2024-49033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49033"
},
{
"name": "CVE-2024-49032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49032"
},
{
"name": "CVE-2024-49031",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49031"
},
{
"name": "CVE-2024-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49026"
},
{
"name": "CVE-2024-49030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49030"
},
{
"name": "CVE-2024-49027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49027"
}
],
"initial_release_date": "2024-11-13T00:00:00",
"last_revision_date": "2024-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0974",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49026",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49027",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49028",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49029",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49032",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49033",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-49031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031"
}
]
}
CERTFR-2024-AVI-0853
Vulnerability from certfr_avis - Published: 2024-10-09 - Updated: 2024-10-09
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5469.1000 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) versions antérieures à 16.0.5469.1001 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 64 bits | ||
| Microsoft | N/A | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5469.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2024 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) versions antérieures à 16.0.5469.1001 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | N/A | Microsoft Outlook pour Android versions antérieures à 4.2435.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5469.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5469.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5469.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2024 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5469.1001",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Android versions ant\u00e9rieures \u00e0 4.2435.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43609"
},
{
"name": "CVE-2024-43604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43604"
},
{
"name": "CVE-2024-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43505"
},
{
"name": "CVE-2024-43576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43576"
},
{
"name": "CVE-2024-43504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43504"
},
{
"name": "CVE-2024-43616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43616"
}
],
"initial_release_date": "2024-10-09T00:00:00",
"last_revision_date": "2024-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0853",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Office. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43576",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43576"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43505"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43504",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43504"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43604",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43604"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43609",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43609"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office CVE-2024-43616",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43616"
}
]
}
CERTFR-2024-AVI-0399
Vulnerability from certfr_avis - Published: 2024-05-15 - Updated: 2024-05-15
Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Office Online Server versions antérieures à 16.0.10410.20003 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) versions antérieures à 16.0.5448.1000 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 versions antérieures à 16.85.24051214 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) versions antérieures à 16.0.5448.1000 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Office Online Server versions ant\u00e9rieures \u00e0 16.0.10410.20003",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits) versions ant\u00e9rieures \u00e0 16.0.5448.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021 versions ant\u00e9rieures \u00e0 16.85.24051214",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits) versions ant\u00e9rieures \u00e0 16.0.5448.1000",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-30042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30042"
}
],
"initial_release_date": "2024-05-15T00:00:00",
"last_revision_date": "2024-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nOffice\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30042 du 14 mai 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042"
}
]
}
CERTFR-2024-AVI-0288
Vulnerability from certfr_avis - Published: 2024-04-10 - Updated: 2024-04-10
Une vulnérabilité a été découverte dans Microsoft Office. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-26257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26257"
}
],
"initial_release_date": "2024-04-10T00:00:00",
"last_revision_date": "2024-04-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26257 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26257"
}
],
"reference": "CERTFR-2024-AVI-0288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nOffice\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office du 09 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0204
Vulnerability from certfr_avis - Published: 2024-03-13 - Updated: 2024-03-13
De multiples vulnérabilités ont été découvertes dans Microsoft Office. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Android versions ant\u00e9rieures \u00e0 4.2404.0",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-26204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26204"
},
{
"name": "CVE-2024-26199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26199"
}
],
"initial_release_date": "2024-03-13T00:00:00",
"last_revision_date": "2024-03-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26199 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26204 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204"
}
],
"reference": "CERTFR-2024-AVI-0204",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Office du 12 mars 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0127
Vulnerability from certfr_avis - Published: 2024-02-14 - Updated: 2024-02-14
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft 365 Apps | ||
| Microsoft | Office | Microsoft Word 2016 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 | ||
| Microsoft | Office | Microsoft PowerPoint 2016 | ||
| Microsoft | Office | Microsoft Office 2019 | ||
| Microsoft | Office | Microsoft Outlook 2016 | ||
| Microsoft | Office | Microsoft Excel 2016 | ||
| Microsoft | Office | Microsoft Office 2016 | ||
| Microsoft | Office | Microsoft Publisher 2016 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft 365 Apps",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21413"
},
{
"name": "CVE-2024-20673",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20673"
},
{
"name": "CVE-2024-21384",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21384"
},
{
"name": "CVE-2024-21379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21379"
},
{
"name": "CVE-2024-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21378"
},
{
"name": "CVE-2024-21402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21402"
}
],
"initial_release_date": "2024-02-14T00:00:00",
"last_revision_date": "2024-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21378 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21379 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21384 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21384"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21413 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20673 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21402 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402"
}
],
"reference": "CERTFR-2024-AVI-0127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2024-AVI-0020
Vulnerability from certfr_avis - Published: 2024-01-10 - Updated: 2024-01-10
Une vulnérabilité a été corrigée dans Microsoft Office. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20677"
}
],
"initial_release_date": "2024-01-10T00:00:00",
"last_revision_date": "2024-01-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20677 du 09 janvier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677"
}
],
"reference": "CERTFR-2024-AVI-0020",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nOffice\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-1022
Vulnerability from certfr_avis - Published: 2023-12-13 - Updated: 2023-12-13
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une usurpation d'identité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35636"
},
{
"name": "CVE-2023-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36009"
},
{
"name": "CVE-2023-35619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35619"
}
],
"initial_release_date": "2023-12-13T00:00:00",
"last_revision_date": "2023-12-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35619 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35636 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36009 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009"
}
],
"reference": "CERTFR-2023-AVI-1022",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0943
Vulnerability from certfr_avis - Published: 2023-11-15 - Updated: 2023-11-15
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36413"
},
{
"name": "CVE-2023-36045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36045"
},
{
"name": "CVE-2023-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38177"
},
{
"name": "CVE-2023-36041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36041"
},
{
"name": "CVE-2023-36037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36037"
}
],
"initial_release_date": "2023-11-15T00:00:00",
"last_revision_date": "2023-11-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36045 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36045"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36041 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36041"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36037 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36037"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38177 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36413 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36413"
}
],
"reference": "CERTFR-2023-AVI-0943",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une\nex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0826
Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office pour Android | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Office pour Universal |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office pour Android",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Universal",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36565"
},
{
"name": "CVE-2023-36568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
},
{
"name": "CVE-2023-36569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36565 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
}
],
"reference": "CERTFR-2023-AVI-0826",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0739
Vulnerability from certfr_avis - Published: 2023-09-13 - Updated: 2023-09-13
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
L'éditeur indique que la vulnérabilité CVE-2023-36761 est exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36761"
},
{
"name": "CVE-2023-41764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41764"
},
{
"name": "CVE-2023-36765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36765"
},
{
"name": "CVE-2023-36762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
},
{
"name": "CVE-2023-36767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36767"
},
{
"name": "CVE-2023-36763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36763"
},
{
"name": "CVE-2023-36766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36766"
}
],
"initial_release_date": "2023-09-13T00:00:00",
"last_revision_date": "2023-09-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36763 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36761 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36766 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36765 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36767 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41764 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41764"
}
],
"reference": "CERTFR-2023-AVI-0739",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\nusurpation d\u0027identit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n\nL\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9\n[CVE-2023-36761](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761)\nest exploit\u00e9e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0657
Vulnerability from certfr_avis - Published: 2023-08-16 - Updated: 2023-08-16
Une vulnérabilité a été découverte dans Microsoft Office et OneNote. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft OneNote 2013 Service Pack 1 (32-bit editions) | ||
| Microsoft | Office | Microsoft Office 2019 for 64-bit editions | ||
| Microsoft | Office | Microsoft Office LTSC 2021 for 64-bit editions | ||
| Microsoft | Office | Microsoft OneNote 2013 Service Pack 1 (64-bit editions) | ||
| Microsoft | Office | Microsoft OneNote 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft OneNote 2016 (64-bit edition) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 for 32-bit editions | ||
| Microsoft | Office | Microsoft OneNote 2016 (32-bit edition) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft OneNote 2013 Service Pack 1 (32-bit editions)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 for 64-bit editions",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 for 64-bit editions",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2013 Service Pack 1 (64-bit editions)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2016 (64-bit edition)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 for 32-bit editions",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote 2016 (32-bit edition)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36769"
}
],
"initial_release_date": "2023-08-16T00:00:00",
"last_revision_date": "2023-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0657",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Office et OneNote.\nElle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Office et OneNote",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36769 du 15 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36769"
}
]
}
CERTFR-2023-AVI-0641
Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 RT Service Pack 1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36893"
},
{
"name": "CVE-2023-36865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36865"
},
{
"name": "CVE-2023-35371",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35371"
},
{
"name": "CVE-2023-36896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36896"
},
{
"name": "CVE-2023-35372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35372"
},
{
"name": "CVE-2023-36895",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36895"
},
{
"name": "CVE-2023-36866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36866"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36895 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36893 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35371 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36896 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36896"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35372 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36866 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36865 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865"
}
],
"reference": "CERTFR-2023-AVI-0641",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0645
Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges, une usurpation d'identité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur Linux | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Teams pour Android | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur Linux | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 5) | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Teams pour iOS | ||
| Microsoft | N/A | HEVC Video Extensions | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 21) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | Office | Microsoft Visual Studio 2010 Tools pour Office Runtime | ||
| Microsoft | N/A | HEVC Video Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur MacOS | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Teams pour Desktop | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft Teams pour Mac | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur MacOS |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 5)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 21)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2010 Tools pour Office Runtime",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Desktop",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35390"
},
{
"name": "CVE-2023-35368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35368"
},
{
"name": "CVE-2023-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38167"
},
{
"name": "CVE-2023-35388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35388"
},
{
"name": "CVE-2023-36891",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36891"
},
{
"name": "CVE-2023-38170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38170"
},
{
"name": "CVE-2023-36892",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36892"
},
{
"name": "CVE-2023-29328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29328"
},
{
"name": "CVE-2023-21709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21709"
},
{
"name": "CVE-2023-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"
},
{
"name": "CVE-2023-38185",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38185"
},
{
"name": "CVE-2023-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38178"
},
{
"name": "CVE-2023-35389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35389"
},
{
"name": "CVE-2023-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38181"
},
{
"name": "CVE-2023-38169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38169"
},
{
"name": "CVE-2023-36890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36890"
},
{
"name": "CVE-2023-29330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29330"
},
{
"name": "CVE-2023-36897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36897"
},
{
"name": "CVE-2023-35391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35391"
},
{
"name": "CVE-2023-36894",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36894"
},
{
"name": "CVE-2023-38182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38182"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35388 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38185 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29330 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38180 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38181 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35390 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36891 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36890 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38182 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35389 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35389"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29328 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35368 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36894 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36892 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21709 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35391 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38169 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38170 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38170"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38167 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36897 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38178 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178"
}
],
"reference": "CERTFR-2023-AVI-0645",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges,\nune usurpation d\u0027identit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0532
Vulnerability from certfr_avis - Published: 2023-07-12 - Updated: 2023-07-13
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2013 Click-to-Run (C2R) pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2013 Click-to-Run (C2R) pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office pour Universal | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 RT Service Pack 1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Click-to-Run (C2R) pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Click-to-Run (C2R) pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Universal",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-33151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33151"
},
{
"name": "CVE-2023-33148",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33148"
},
{
"name": "CVE-2023-33160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33160"
},
{
"name": "CVE-2023-33150",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33150"
},
{
"name": "CVE-2023-33162",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33162"
},
{
"name": "CVE-2023-35311",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35311"
},
{
"name": "CVE-2023-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33134"
},
{
"name": "CVE-2023-33157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33157"
},
{
"name": "CVE-2023-33152",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33152"
},
{
"name": "CVE-2023-33159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33159"
},
{
"name": "CVE-2023-33149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33149"
},
{
"name": "CVE-2023-33158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33158"
},
{
"name": "CVE-2023-33161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33161"
},
{
"name": "CVE-2023-33165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33165"
},
{
"name": "CVE-2023-33153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33153"
}
],
"initial_release_date": "2023-07-12T00:00:00",
"last_revision_date": "2023-07-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33153 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33153"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33160 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33165 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33165"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33134 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33151 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33151"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33162 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33162"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33152 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33152"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33148 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33148"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33157 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33158 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33158"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33150 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33150"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33161 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33161"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35311 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33149 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33149"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33159 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159"
}
],
"reference": "CERTFR-2023-AVI-0532",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-12T00:00:00.000000"
},
{
"description": "Correction de l\u0027identifiant de l\u0027avis.",
"revision_date": "2023-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"url": null
}
]
}
CERTFR-2023-AVI-0461
Vulnerability from certfr_avis - Published: 2023-06-14 - Updated: 2023-06-14
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un déni de service, une usurpation d'identité, une exécution de code à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft OneNote pour Universal | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft Outlook 2013 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 RT Service Pack 1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OneNote pour Universal",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-33131",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33131"
},
{
"name": "CVE-2023-29357",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29357"
},
{
"name": "CVE-2023-33137",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33137"
},
{
"name": "CVE-2023-33132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33132"
},
{
"name": "CVE-2023-33133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33133"
},
{
"name": "CVE-2023-33130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33130"
},
{
"name": "CVE-2023-33129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33129"
},
{
"name": "CVE-2023-33146",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33146"
},
{
"name": "CVE-2023-33140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33140"
},
{
"name": "CVE-2023-32029",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32029"
},
{
"name": "CVE-2023-33142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33142"
}
],
"initial_release_date": "2023-06-14T00:00:00",
"last_revision_date": "2023-06-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33140 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-32029 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32029"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29357 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33131 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33129 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33142 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33146 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33130 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33137 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33133 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33133"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33132 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132"
}
],
"reference": "CERTFR-2023-AVI-0461",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une usurpation d\u0027identit\u00e9, une\nex\u00e9cution de code \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0372
Vulnerability from certfr_avis - Published: 2023-05-10 - Updated: 2023-05-10
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer un contournement de la fonctionnalité de sécurité, une usurpation d'identité, un déni de service, une exécution de code à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office LTSC pour Mac 2021 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft SharePoint Server Subscription Edition | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC pour Mac 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29333"
},
{
"name": "CVE-2023-24950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24950"
},
{
"name": "CVE-2023-24953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24953"
},
{
"name": "CVE-2023-24955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24955"
},
{
"name": "CVE-2023-29344",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29344"
},
{
"name": "CVE-2023-29335",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29335"
},
{
"name": "CVE-2023-24954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24954"
}
],
"initial_release_date": "2023-05-10T00:00:00",
"last_revision_date": "2023-05-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24953 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29344 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29344"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29333 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24955 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24954 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24950 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29335 du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335"
}
],
"reference": "CERTFR-2023-AVI-0372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\nusurpation d\u0027identit\u00e9, un d\u00e9ni de service, une ex\u00e9cution de code \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2024-ALE-005
Vulnerability from certfr_alerte - Published: 2024-02-15 - Updated: 2024-04-15
[Mise à jour du 15 mars 2024] Ajout de précision concernant les défi-réponses NTLM
[Mise à jour du 22 février 2024] Ajout de recommandations et de précisions sur le fonctionnement de la vulnérabilité.
La vulnérabilité CVE-2024-21413 permet à un attaquant de contourner les mesures de sécurité de la suite Office, dont la solution de messagerie Outlook. Plus précisément, son exploitation permet de contourner certaines mesures de sécurité de la suite Office qui empêchent l'accès à une ressource externe sans validation de l'utilisateur.
Ainsi, en utilisant un lien malveillant dans un courriel, un attaquant est en mesure :
- d'obtenir la réponse à un défi-réponse lié à l'authentification de l'utilisateur, par exemple via le protocole SMB. Ce défi-réponse dépend de la configuration système et est communément au format NTLMv2. Ce comportement combiné à une attaque de type "relais NTLM" permettrait à un attaque de réaliser une coercition d'authentification.
- si la cible du lien est un document Office, de provoquer l'ouverture du document sans que le mode protégé de Microsoft Office ne soit activé, permettant in fine une exécution de code arbitraire à distance.
[Publication initiale]
Le 13 février 2024, Microsoft a publié un correctif pour la
vulnérabilité CVE-2024-21413 affectant le
produit Outlook pour Windows.
Elle permet à un attaquant non authentifié de divulguer le condensat
NTLM (new technology LAN manager) local et potentiellement
une exécution de code arbitraire à distance.
Son exploitation nécessite une intervention de l'utilisateur.
Une preuve de concept partielle ainsi qu'un descriptif de la vulnérabilité ont été publiés par le chercheur auteur de sa découverte.
Le CERT-FR n'a pas connaissance d'exploitation pour le moment. En fonction de l'évolution de la situation, cette alerte est susceptible d'être mise à jour.
Solution
[Mise à jour du 15 mars 2024] Ajout de précision concernant les défi-réponses NTLM
[Mise à jour du 22 février 2024] Ajout de recommandations.
Afin de prévenir l'exploitation à distance de cette vulnérabilité, le CERT-FR recommande:
- D’appliquer la mise à jour fournie par Microsoft dans les meilleurs délais. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- De limiter l'utilisation de NTLMv2 et d'activer les mesures de protection contre les attaques relais préconisées par l'éditeur [2] ainsi que les recommandations (R71 à R77) relatives à l'administration sécurisée des systèmes d'information reposant sur microsoft active directory [3]
- D'interdire les flux SMB en sortie du système d'information (TCP/445). Cette règle s'impose également aux postes nomades, dont les flux doivent être sécurisés.
- De détecter des liens malveillants dans les courriels reçus, par exemple en utilisant une expression régulière (voir la règle Yara [1]). Le CERT-FR n'est pas en mesure de garantir les résultats obtenus par cette règle de détection, qui devront donc être qualifiés.
[Publication initiale]
Le CERT-FR recommande fortement d’appliquer la mise à jour fournie par Microsoft. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
La vulnérabilité affecte en particulier Microsoft Outlook qui est inclus dans la suite Microsoft Office. L'interface OWA (Outlook Web Application), version web de la messagerie Outlook, n’est pas affectée par cette vulnérabilité selon l’éditeur.
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office LTSC 2021",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "\u003cp\u003eLa vuln\u00e9rabilit\u00e9 affecte en particulier Microsoft Outlook qui est inclus dans la suite Microsoft Office. L\u0027interface \u003cspan class=\"mx_EventTile_body\" dir=\"auto\"\u003eOWA (Outlook Web Application), version web de la messagerie Outlook, n\u2019est pas affect\u00e9e par cette vuln\u00e9rabilit\u00e9 selon l\u2019\u00e9diteur. \u003c/span\u003e\u003c/p\u003e ",
"closed_at": "2024-04-15",
"content": "## Solution\n\n\u003cspan style=\"color: red;\"\u003e**\\[Mise \u00e0 jour du 15 mars 2024\\] Ajout de\npr\u00e9cision concernant les d\u00e9fi-r\u00e9ponses NTLM**\u003c/span\u003e\n\n**\\[Mise \u00e0 jour du 22 f\u00e9vrier 2024\\] Ajout de\nrecommandations.**\n\nAfin de pr\u00e9venir l\u0027exploitation \u00e0 distance de cette vuln\u00e9rabilit\u00e9, le\nCERT-FR recommande:\n\n- D\u2019appliquer la mise \u00e0 jour fournie par Microsoft dans les meilleurs\n d\u00e9lais. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\n l\u0027obtention des correctifs (cf. section Documentation).\n- De limiter l\u0027utilisation de NTLMv2 et d\u0027activer les mesures de\n protection contre les attaques relais pr\u00e9conis\u00e9es par l\u0027\u00e9diteur\n \\[2\\] ainsi que les recommandations (R71 \u00e0 R77) relatives \u00e0\n l\u0027administration s\u00e9curis\u00e9e des syst\u00e8mes d\u0027information reposant sur\n microsoft active directory \\[3\\]\n- D\u0027interdire les flux SMB \u003cspan\n style=\"text-decoration: underline;\"\u003een sortie du syst\u00e8me\n d\u0027information\u003c/span\u003e (TCP/445). Cette r\u00e8gle s\u0027impose \u00e9galement aux\n postes nomades, dont les flux doivent \u00eatre s\u00e9curis\u00e9s.\n- De d\u00e9tecter des liens malveillants dans les courriels re\u00e7us, par\n exemple en utilisant une expression r\u00e9guli\u00e8re (voir la r\u00e8gle Yara\n \\[1\\]). Le CERT-FR n\u0027est pas en mesure de garantir les r\u00e9sultats\n obtenus par cette r\u00e8gle de d\u00e9tection, qui devront donc \u00eatre\n qualifi\u00e9s.\n\n**\\[Publication initiale\\]**\n\nLe CERT-FR recommande fortement d\u2019appliquer la mise \u00e0 jour fournie par\nMicrosoft. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21413"
}
],
"initial_release_date": "2024-02-15T00:00:00",
"last_revision_date": "2024-04-15T00:00:00",
"links": [
{
"title": "[1] R\u00e8gle Yara de d\u00e9tection de la vuln\u00e9rabilit\u00e9 CVE-2024-21413 propos\u00e9e par X__Junior et Florian Roth",
"url": "https://github.com/Neo23x0/signature-base/blob/master/yara/expl_outlook_cve_2024_21413.yar"
},
{
"title": "Avis CERTFR-2024-AVI-0127 du 14 f\u00e9vrier 2024",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0127/"
},
{
"title": "[2] Base de connaissance Microsoft",
"url": "https://support.microsoft.com/fr-fr/topic/kb5005413-att%C3%A9nuation-des-attaques-de-relais-ntlm-sur-les-services-de-certificats-active-directory-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429"
},
{
"title": "[3] Recommandations relatives \u00e0 l\u0027administration s\u00e9curis\u00e9e des syst\u00e8mes d\u0027information reposant sur microsoft active directory. Document ANSSI-PA-099 version 1.0 du 02 octobre 2023",
"url": "https://cyber.gouv.fr/publications/recommandations-pour-ladministration-securisee-des-si-reposant-sur-ad"
}
],
"reference": "CERTFR-2024-ALE-005",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-15T00:00:00.000000"
},
{
"description": "Ajout de recommandations et de pr\u00e9cisions sur le fonctionnement de la vuln\u00e9rabilit\u00e9",
"revision_date": "2024-02-22T00:00:00.000000"
},
{
"description": "Ajout de recommandations concernant l\u0027utilisation de NTLM",
"revision_date": "2024-03-15T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2024-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "\u003cspan style=\"color: red;\"\u003e\u003cstrong\u003e\\[Mise \u00e0 jour du 15 mars 2024\\] Ajout de\npr\u00e9cision concernant les d\u00e9fi-r\u00e9ponses NTLM\u003c/strong\u003e\u003c/span\u003e\n\n\u003cstrong\u003e\\[Mise \u00e0 jour du 22 f\u00e9vrier 2024\\] \u003cspan\nclass=\"mx_EventTile_body markdown-body\" dir=\"auto\"\u003eAjout de\nrecommandations et de pr\u00e9cisions sur le fonctionnement de la\nvuln\u00e9rabilit\u00e9.\u003c/span\u003e\u003c/strong\u003e\n\nLa vuln\u00e9rabilit\u00e9 CVE-2024-21413 permet \u00e0 un attaquant de contourner les\nmesures de s\u00e9curit\u00e9 de la suite Office, dont la solution de messagerie\nOutlook. Plus pr\u00e9cis\u00e9ment, son exploitation permet de contourner\ncertaines mesures de s\u00e9curit\u00e9 de la suite Office qui emp\u00eachent l\u0027acc\u00e8s \u00e0\nune ressource externe sans validation de l\u0027utilisateur.\n\nAinsi, en utilisant un lien malveillant dans un courriel, un attaquant\nest en mesure :\n\n- d\u0027obtenir la r\u00e9ponse \u00e0 un d\u00e9fi-r\u00e9ponse li\u00e9 \u00e0 l\u0027authentification de\n l\u0027utilisateur, par exemple *via* le protocole SMB. Ce d\u00e9fi-r\u00e9ponse\n d\u00e9pend de la configuration syst\u00e8me et est commun\u00e9ment au format\n NTLMv2. Ce comportement combin\u00e9 \u00e0 une attaque de type \"relais NTLM\"\n permettrait \u00e0 un attaque de r\u00e9aliser une coercition\n d\u0027authentification.\n- si la cible du lien est un document Office, de provoquer l\u0027ouverture\n du document sans que le mode prot\u00e9g\u00e9 de Microsoft Office ne soit\n activ\u00e9, permettant *in fine* une ex\u00e9cution de code arbitraire \u00e0\n distance.\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLe 13 f\u00e9vrier 2024, Microsoft a publi\u00e9 un correctif pour la\nvuln\u00e9rabilit\u00e9 \u003cspan class=\"css-200\"\u003eCVE-2024-21413\u003c/span\u003e affectant le\nproduit Outlook pour Windows. \nElle permet \u00e0 un attaquant non authentifi\u00e9 \u003cspan\nclass=\"mx_EventTile_body\" dir=\"auto\"\u003ede divulguer le condensat\n\u003c/span\u003e*NTLM* (*new technology LAN manager*) local et potentiellement\nune ex\u00e9cution de code arbitraire \u00e0 distance. \nSon exploitation n\u00e9cessite une intervention de l\u0027utilisateur.\n\nUne preuve de concept partielle ainsi qu\u0027un descriptif de la\nvuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 publi\u00e9s par le chercheur auteur de sa d\u00e9couverte.\n\nLe CERT-FR n\u0027a pas connaissance d\u0027exploitation pour le moment. En\nfonction de l\u0027\u00e9volution de la situation, cette alerte est susceptible\nd\u0027\u00eatre mise \u00e0 jour.\n",
"title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook",
"vendor_advisories": [
{
"published_at": "2024-02-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413"
}
]
}
CERTFR-2023-ALE-006
Vulnerability from certfr_alerte - Published: 2023-12-12 - Updated: 2023-12-12
Description de la vulnérabilité
Dans le cadre de son Patch Tuesday, en date du 11 juillet 2023, Microsoft a indiqué l'existence d'une vulnérabilité référencée CVE-2023-36884 [1] au sein de plusieurs versions de Windows et produits Office. Un score CVSSv3 de 8.3 lui a été attribué.
L'éditeur confirme qu'elle est activement exploitée de façon ciblée [2].
La vulnérabilité CVE-2023-36884 permet à un attaquant d'exécuter du code arbitraire à distance dans le contexte utilisateur à l'aide d'un document Microsoft Office spécialement conçu, préalablement transmis à l'aide de technique d'ingénierie sociale.
Le CERT-FR recommande fortement de mettre en œuvre les moyens d'atténuation proposés par l'éditeur en attendant la publication d'un correctif.
Cette alerte sera mise à jour de façon régulière au gré des nouveaux éléments qui nous seront communiqués.
Campagne d'exploitation
La CVE-2023-36884 aurait été exploitée, d’après Microsoft [4], par le mode opératoire Storm-0978 lors d’une campagne en juin 2023 contre des entités gouvernementales et du secteur de la défense européennes et nord-américaines à des fins d’espionnage. Le code malveillant utilisé par les attaquants suite à l’exploitation de cette vulnérabilité, présenterait des similarités avec la porte dérobée RomCom.
RomCom est un code malveillant découvert en août 2022 par PaloAlto [5], qui aurait été utilisé depuis octobre 2022 dans des campagnes d’espionnage contre des entités gouvernementales et militaires ukrainiennes ([6], [7]), et des entités des secteurs du gouvernement, de la défense, de la santé, des services numériques et de la logistique dans certains pays d’Europe et d’Amérique du Nord ([7], [8], [9], [10], [11], [4]).
Le code malveillant RomCom a été associé au groupe cybercriminel Cuba par plusieurs éditeurs de sécurité [5], [12]. Cuba est notamment connu pour avoir revendiqué l’attaque par rançongiciel contre le gouvernement du Monténégro en août 2022 [13].
Contournement provisoire
L'éditeur fournit un ensemble de mesures d’atténuation visant à limiter son exploitation. [1] [3]
Solution
Les mises à jour publiées par l'éditeur en août 2023 corrigent cette vulnérabilité [1].
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 64 bits | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Office | Microsoft Office LTSC 2021 pour éditions 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | N/A | Microsoft Word 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | N/A | Microsoft Word 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Word 2016 (édition 32 bits) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office LTSC 2021 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2023-12-12",
"content": "## Contournement provisoire\n\nL\u0027\u00e9diteur fournit un ensemble de mesures d\u2019att\u00e9nuation visant \u00e0 limiter\nson exploitation. \\[1\\] \\[3\\]\n\n## Solution\n\nLes mises \u00e0 jour publi\u00e9es par l\u0027\u00e9diteur en ao\u00fbt 2023 corrigent cette\nvuln\u00e9rabilit\u00e9 \\[1\\].\n",
"cves": [
{
"name": "CVE-2023-36884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36884"
}
],
"initial_release_date": "2023-12-12T00:00:00",
"last_revision_date": "2023-12-12T00:00:00",
"links": [
{
"title": "[13]",
"url": "https://www.bankinfosecurity.com/cuba-ransomware-gang-takes-credit-for-attacking-montenegro-a-19938"
},
{
"title": "[7]",
"url": "https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/"
},
{
"title": "[9]",
"url": "https://blogs.blackberry.com/en/2023/06/romcom-resurfaces-targeting-ukraine"
},
{
"title": "[2]",
"url": "https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/"
},
{
"title": "[8]",
"url": "https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html"
},
{
"title": "[10]",
"url": "https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit"
},
{
"title": "[12]",
"url": "https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/"
},
{
"title": "[4]",
"url": "https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/"
},
{
"title": "[11]",
"url": "https://cert.gov.ua/article/5077168"
},
{
"title": "[6]",
"url": "https://cert.gov.ua/article/2394117"
},
{
"title": "[1]",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884"
},
{
"title": "[5]",
"url": "https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/"
},
{
"title": "[3]",
"url": "https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes"
}
],
"reference": "CERTFR-2023-ALE-006",
"revisions": [
{
"description": "Correction de la rubrique SOLUTION",
"revision_date": "2023-12-12T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2023-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "### Description de la vuln\u00e9rabilit\u00e9\n\nDans le cadre de son *Patch Tuesday*, en date du 11 juillet 2023,\nMicrosoft a indiqu\u00e9 l\u0027existence d\u0027une vuln\u00e9rabilit\u00e9 r\u00e9f\u00e9renc\u00e9e\nCVE-2023-36884 \\[1\\] au sein de plusieurs versions de Windows et\nproduits Office. Un score CVSSv3 de 8.3 lui a \u00e9t\u00e9 attribu\u00e9.\n\nL\u0027\u00e9diteur confirme qu\u0027elle est activement exploit\u00e9e de fa\u00e7on cibl\u00e9e\n\\[2\\].\n\nLa vuln\u00e9rabilit\u00e9 CVE-2023-36884 permet \u00e0 un attaquant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance dans le contexte utilisateur \u00e0 l\u0027aide d\u0027un\ndocument Microsoft Office sp\u00e9cialement con\u00e7u, pr\u00e9alablement transmis \u00e0\nl\u0027aide de technique d\u0027ing\u00e9nierie sociale.\n\nLe CERT-FR recommande fortement de mettre en \u0153uvre les moyens\nd\u0027att\u00e9nuation propos\u00e9s par l\u0027\u00e9diteur en attendant la publication d\u0027un\ncorrectif.\n\nCette alerte sera mise \u00e0 jour de fa\u00e7on r\u00e9guli\u00e8re au gr\u00e9 des nouveaux\n\u00e9l\u00e9ments qui nous seront communiqu\u00e9s.\n\n\u00a0\n\n### Campagne d\u0027exploitation\n\nLa CVE-2023-36884 aurait \u00e9t\u00e9 exploit\u00e9e, d\u2019apr\u00e8s Microsoft \\[4\\], par le\nmode op\u00e9ratoire Storm-0978 lors d\u2019une campagne en juin 2023 contre des\nentit\u00e9s gouvernementales et du secteur de la d\u00e9fense europ\u00e9ennes et\nnord-am\u00e9ricaines \u00e0 des fins d\u2019espionnage. Le code malveillant utilis\u00e9\npar les attaquants suite \u00e0 l\u2019exploitation de cette vuln\u00e9rabilit\u00e9,\npr\u00e9senterait des similarit\u00e9s avec la porte d\u00e9rob\u00e9e RomCom.\n\nRomCom est un code malveillant d\u00e9couvert en ao\u00fbt 2022 par PaloAlto\n\\[5\\], qui aurait \u00e9t\u00e9 utilis\u00e9 depuis octobre 2022 dans des campagnes\nd\u2019espionnage contre des entit\u00e9s gouvernementales et militaires\nukrainiennes (\\[6\\], \\[7\\]), et des entit\u00e9s des secteurs du\ngouvernement, de la d\u00e9fense, de la sant\u00e9, des services num\u00e9riques et de\nla logistique dans certains pays d\u2019Europe et d\u2019Am\u00e9rique du Nord (\\[7\\],\n\\[8\\], \\[9\\], \\[10\\], \\[11\\], \\[4\\]).\n\nLe code malveillant RomCom a \u00e9t\u00e9 associ\u00e9 au groupe cybercriminel Cuba\npar plusieurs \u00e9diteurs de s\u00e9curit\u00e9 \\[5\\], \\[12\\]. Cuba est notamment\nconnu pour avoir revendiqu\u00e9 l\u2019attaque par ran\u00e7ongiciel contre le\ngouvernement du Mont\u00e9n\u00e9gro en ao\u00fbt 2022 \\[13\\].\n\n\u00a0\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Microsoft",
"vendor_advisories": []
}