Microsoft Office
CVE-2018-8412 — Microsoft (MAU) Office Elevation of Privilege Vulnerability
Important
2018-08 archive
Executive Summary
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges. To exploit the vulnerability, the attacker could place a crafted executable in a specific location used by the update application to execute arbitrary code in a privileged context. This update addresses the vulnerability by ensuring that MAU for Mac properly validates packages prior to installing them.
Overview
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
1 affected product
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Office 2016 for Mac | Release Notes (Security Update) |
Important | Elevation of Privilege | No |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
Release Notes |
Security Update | No |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
CodeColorist from AntFinancial LightYear Security Lab
References
On This Page