Back to KEVs

CVE-2012-1854

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 22, 2012
Published Date
July 10, 2012
Last Updated
August 06, 2024
Vendor
Microsoft
Product
Office
Description
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

CVSS Scores

CVSS v2.0

6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2012-07-10 21:00:00 UTC) Source

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046

Known Exploited Vulnerability Information

Source Added Date
CVE 2012-07-10 21:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel