VulDB: Microsoft Office 2011 on Mac privilege escalation [CVE-2012-1894]
General

scipID: 5648
Affected: Microsoft Office 2011
Published: 07/10/2012
Risk: problematic
Entry: 91.2% complete
Created: 07/11/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in Microsoft Office 2011 (Mac). An unknown function is affected. Manipulation with an unknown input leads to a privilege escalation vulnerability. Confidentiality, integrity, and availability are impacted.
The weakness was disclosed on 07/10/2012 as bulletin MS12-051 (Microsoft Technet). The advisory is available for download at technet.microsoft.com. The vulnerability has been tracked as CVE-2012-1894 since 03/22/2012. The attack must be carried out locally. A single authentication is necessary for exploitation. Technical details are unknown, but a private exploit is available.
Applying the patch MS12-051 eliminates this problem. The bugfix is available for download at technet.microsoft.com. The problem might be mitigated by replacing the product with OpenOffice as an alternative. The best possible mitigation is to patch the affected component. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83654) and Secunia (SA49876).
CVSS
Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | Medium | Single | Partial | Partial | Partial |
Exploiting
Class: Privilege escalation
Local: Yes
Remote: No
Availability: Yes
Access: Private
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: MS12-051
Alternative: OpenOffice
Timeline
03/22/2012 | CVE assigned
07/10/2012 | Advisory disclosed
07/10/2012 | Countermeasure disclosed
07/10/2012 | OSVDB entry created
07/11/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: MS12-051
OSVDB: 83654
CVE: CVE-2012-1894 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49876