Untrusted Search Path Vulnerability in Microsoft Office Products
CVE-2012-1854

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office; Visual Basic For Applications; Visual Basic For Applications Sdk
Vendor: CVE Published:; 10 July 2012

Summary

This vulnerability affects Microsoft Office components, specifically through the VBE6.dll and allows local users to exploit the system by placing a malicious DLL in the current working directory. This can lead to privilege escalation, particularly through the execution of crafted .docx files. The flaw was publicly exploited in July 2012, highlighting the risks associated with insecure library loading in Microsoft Visual Basic for Applications.

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

Timeline

Vulnerability published
Jul 10, 2012
Vulnerability Reserved
Mar 22, 2012