BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy May 08 2018 10:01PM
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

during installation of Microsoft Office 2003 and newer versions
as well as single components of Microsoft Office products, the
executable of the "Office Source Engine", ose.exe, is copied as
"%TEMP%\ose00000.exe" and then executed with elevated privileges.

%TEMP% is writable by unprivilege...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus