Back to KEVs

CVE-2012-1854

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 22, 2012
Published Date
July 10, 2012
Last Updated
April 14, 2026
Vendor
Microsoft
Product
Office
Description
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
Tags
cisa

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2012-07-10 21:00:00 UTC) Source

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046

Known Exploited Vulnerability Information

Source Added Date
CVE 2012-07-10 21:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel