MS12-051: Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) (Mac OS X)

medium Nessus Plugin ID 59914

Synopsis

An application installed on the remote Mac OS X host is affected by an elevation of privilege vulnerability.

Description

The remote Mac OS X host is running a version of Microsoft Office for Mac that is affected by a privilege escalation vulnerability in the way that folder permissions are set in certain installations. If an attacker places a malicious executable in the Office 2011 folder and lures a user into logging in and running that executable, he could cause arbitrary code to be executed in the context of that user.

Note that this issue is primarily a risk on shared workstations, such as in a library or an Internet cafe.

Solution

Microsoft has released a patch for Office for Mac 2011.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms12-051

Plugin Details

Severity: Medium

ID: 59914

File Name: macosx_ms12-051.nasl

Version: 1.15

Type: local

Agent: macosx

Published: 7/11/2012

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-1894

Vulnerability Information

CPE: cpe:/a:microsoft:office:2011::mac

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/10/2012

Vulnerability Publication Date: 7/10/2012

Reference Information

CVE: CVE-2012-1894

BID: 54361

MSFT: MS12-051

MSKB: 2721015