Issue
When you deploy Office 2008 by using a remote connection, such as Apple Remote Desktop, to a client computer that is sitting at a login window, a postflight script in the Office Installer causes the Dock application to open with root user privileges. Any applications subsequently opened from the Dock will also run with root user privileges. Under these conditions, someone with physical access to the client computer can gain local elevation of privilege. This security issue can occur only when Office 2008 is deployed to computers that run Mac OS X v10.4.9 or a later version of Mac OS X v10.4 (Tiger). It is not an issue for computers that run Mac OS X v10.5 (Leopard). For more information about this security issue, see Apple KB304131: "Remote Desktop: Installing a package on clients that are at a login window". For information about how to install by using Apple Remote Desktop, see Installation by using Apple Remote Desktop.
Solution
Before you use the Office 2008 installer, delete the postflight script file from Office Installer.mpkg/Contents/Packages/Office2008_<language>_dock.pkg/Contents/Resources/. A known issue prevents network deployment of Office 2008 Dock icons; however, the postflight script in the package that attempts to install those icons still runs successfully, and it is this script that causes the Dock application to close and then reopen. To delete the postflight script, perform the following steps:
Copy Office Installer from the Office 2008 DVD to a writable volume.
Hold down CONTROL and click the Office Installer icon.
Click Show Package Contents.
Double-click Contents, and then double-click Packages, and then locate Office2008_<language>_dock.pkg.
Note: Replace <language> with the relevant two-letter language code, such as en, ja, or fr.
Hold down CONTROL and click Office2008_<language>_dock.pkg, and then click Show Package Contents.
Double-click Contents, and then double-click Resources, and then delete postflight.
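As an added example that is not part of this article, the following POSIX shell script performs the same steps unattended: it stages a copy of Office Installer.mpkg, removes the postflight script from every Office2008_<language>_dock.pkg inside it (so all language packages are covered at once), and verifies that none remain before you deploy. The package layout is the one described in the steps above; the function names and the staging directory are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): strip the Dock package's
# postflight script from a staged copy of the Office 2008 installer before
# deploying it with Apple Remote Desktop.
set -e

# Print the path of every postflight script inside an
# Office2008_<language>_dock.pkg under the given installer bundle.
# Other packages' postflight scripts are deliberately left alone.
list_dock_postflights() {
    find "$1/Contents/Packages" -type f \
        -path '*Office2008_*_dock.pkg/Contents/Resources/postflight' 2>/dev/null
}

# Delete the Dock postflight scripts in place.
# Returns 0 when none remain afterwards, 1 otherwise.
strip_dock_postflight() {
    installer="$1"
    list_dock_postflights "$installer" | while IFS= read -r f; do
        rm -f "$f"
        echo "removed: $f"
    done
    [ -z "$(list_dock_postflights "$installer")" ]
}

# Pre-deployment check: 0 = no Dock postflight present, 1 = still present.
check_installer_is_safe() {
    [ -z "$(list_dock_postflights "$1")" ]
}

# Copy the installer bundle from the DVD (or any read-only volume) to a
# writable staging directory, then strip the script from the copy.
# Usage: stage_installer "/Volumes/Office 2008/Office Installer.mpkg" /tmp/staging
stage_installer() {
    src="$1"; dest="$2"
    mkdir -p "$dest"
    cp -R "$src" "$dest/"
    strip_dock_postflight "$dest/$(basename "$src")"
}
```

Run check_installer_is_safe against the staged bundle again before pointing Apple Remote Desktop at it; a non-zero exit means a postflight script is still present.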
Mitigations
Mitigation refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:
Mac OS X v10.5 (Leopard) is not vulnerable to this issue.
Restarting the client computers after the installation removes the vulnerability.
If you use Apple Remote Desktop 3 or later to deploy Office 2008, choose the option to lock the client screens during installation. If the screen is locked during installation, this vulnerability is not exposed.
Note: For an introduction to Apple Remote Desktop, see Apple Remote Desktop 3 on the Apple Web site (www.apple.com/remotedesktop). For detailed information, see the Apple Remote Desktop Administrator's Guide documentation, available for download from the Resources page in the same area of the Apple Web site.