Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1854

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2012-1854
Last Modified 06 Mar 2013 11:53:55
Published 10 Jul 2012 05:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1854

Summary

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

Vulnerable Systems

Application

  • Microsoft Office 2003

  • Microsoft Office 2007

  • Microsoft Office 2010

  • Microsoft Visual Basic For Applications

  • Microsoft Visual Basic For Applications Sdk


References

MS - MS12-046

CERT - TA12-192A

Related Patches

MS12-046 Security Update for Microsoft Office 2003 (KB2598361)

MS12-046 Security Update for Microsoft Office 2010 32-Bit Edition (KB2553447)

MS12-046 Security Update for Microsoft Office 2010 32-Bit Edition (KB2598243)

MS12-046 Security Update for Microsoft Office 2007 suites (KB2596744)

MS12-046 Security Update for Microsoft Office 2010 64-Bit Edition (KB2598243)

MS12-046 Security Update for Microsoft Office 2010 64-Bit Edition (KB2553447)

MS12-046 2707960 2688865 Security Update for Microsoft Visual Basic for Applications (Rev 2)

MS12-046 Security Update for Office 2003 (KB2687626)


Last Updated: 27 May 2016 10:54:51