Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Microsoft Office
Опубликовано:11 июля 2012 г.
Источник:
SecurityVulns ID:12465
Тип:клиент
Уровень опасности:
5/10
Описание:Небезопасная загрузка библиотек в VBA, слабые разрешения в Office for Mac.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability.")
 CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.)
Файлы:Microsoft Security Bulletin MS12-046 - Important Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
 Microsoft Security Bulletin MS12-051 - Important Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород