Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office security vulnerabilities
Published:11.07.2012
Source:
SecurityVulns ID:12465
Type:client
Threat Level:
5/10
Description:VBA unsafe library loading, Office for Mac weak files permissions.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability.")
 CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.)
Files:Microsoft Security Bulletin MS12-046 - Important Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
 Microsoft Security Bulletin MS12-051 - Important Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod