Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy
May 08 2018 10:01PM
Stefan Kanthak (stefan kanthak nexgo de)
during installation of Microsoft Office 2003 and newer versions
as well as single components of Microsoft Office products, the
executable of the "Office Source Engine", ose.exe, is copied as
"%TEMP%\ose00000.exe" and then executed with elevated privileges.
%TEMP% is writable by unprivilege...
[ more ]
Copyright 2010, SecurityFocus