CVE-2012-1894 — Microsoft Office vulnerability

CWE-2642 documents2 sources

Severity

6.9MEDIUMNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedJul 10

Latest updateMay 14

Description

Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/office2011

🔴Vulnerability Details

GHSA

GHSA-f78m-864p-mm89: Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, w↗2022-05-14

▶