Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege

January 4, 2017 007admin Leave a comment

Posted by Stefan Kanthak on Jan 03

Hi @ll,

the service pack installers for SoftMaker Office 201x, available
from <http://www.softmaker.com/en/servicepacks-office-windows>,
are (surprise.-) vulnerable.

The executable installer (OUCH) ofw16_763.exe, a 7z SFX (OUCH),
creates an UNPROTECTED directory “%TEMP%7zSxxxxxxxx” to extract
its payload, then executes “%TEMP%7zSxxxxxxxxspsetup.exe”.

“%TEMP%7zSxxxxxxxx” inherits the NTFS access rights…

007 Software

Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege

Leave a Reply Cancel reply

Software and Security Information