Technology news and Jobs 
Information Technology News Another Office 2008 installer security flaw
Information Technology News Another Office 2008 installer security flaw | Another Office 2008 installer security flaw |
|
| by Stephen Withers | |
| Monday, 25 February 2008 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
The flaw affects Mac OS X 10.4.9 and later, but not any versions of Mac OS X 10.5. It arises when the target computer is sitting at the login prompt. The installer is unable to install Dock icons in these circumstances, and uses a postflight script (a script that is executed after the main installation process) instead. That script opens the Dock with root privileges, which allows anyone sitting at the computer to use the Dock to open applications with root privileges. Microsoft recommends the deletion of the postflight script from the installer before it is used remotely on systems running affected versions of Mac OS X. Another possibility is to lock the target system's screen (possible with Apple Remote Desktop 3) during installation to prevent exploitation. Restarting the computer after installation is also necessary. This is the second installer-related issue with Office 2008. It was previously revealed that the installer incorrectly sets user ID 502 as the owner of the software, which could result in a user without admin rights to modify Office program files. Microsoft has described a manual fix for that issue, and is expected to correct the installer files some time in the future. |
Tags
| < Next story in category | Previous story in the category > |
|---|
