Microsoft Office for Mac Folder Permission Flaw Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1027234 |
|
SecurityTracker URL: http://securitytracker.com/id/1027234
|
|
CVE Reference:
CVE-2012-1894
(Links to External Site)
|
Date: Jul 10 2012
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Office for Mac 2011
|
Description:
A vulnerability was reported in Microsoft Office for Mac. A local user can obtain elevated privileges on the target system.
A local user can place a specially crafted executable file in the Microsoft Office 2011 folder. Then, when the target user later runs the file, code in the file will be executed with the privileges of the target user.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued the following fix:
Microsoft Office for Mac 2011:
http://www.microsoft.com/downloads/details.aspx?familyid=877700ed-3d03-4d46-a77b-5063d8f7d2e3
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms12-051
|
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms12-051 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
