Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Office for Mac vulnerability could allow escalation of privilege


Report ID: MS201207009
Date Published: 16 July 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Microsoft Office for Mac 2011




Summary

A vulnerability in Microsoft Office for Mac could be exploited into allowing the attacker to execute code in the context of a logged-on user.



Detailed Description

Microsoft has released a security update that addresses an escalation of privilege vulnerability in Microsoft Office for Mac 2011. The vulnerability was caused by the way that folder permissions are set in certain installations of the program. An attacker could take advantage of the condition by placing a malicious executable in the folder and later logs on to run the executable in the security context of a logged-on user.

This issue has been resolved through the update by correcting the permission settings on the Microsoft Office 2011 folder and other affected folders. Users are recommended to install this latest update to protect their system from potential exploit attempts.



CVE Reference

CVE-2012-1894



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-051)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.