Untrusted Search Path Vulnerability in Microsoft Office Products
CVE-2012-1854

Currently unrated

Key Information:

Vendor

Microsoft
Status
Office
Visual Basic For Applications
Visual Basic For Applications Sdk
Vendor
CVE Published:
10 July 2012

What is CVE-2012-1854?

This vulnerability affects Microsoft Office components, specifically through the VBE6.dll and allows local users to exploit the system by placing a malicious DLL in the current working directory. This can lead to privilege escalation, particularly through the execution of crafted .docx files. The flaw was publicly exploited in July 2012, highlighting the risks associated with insecure library loading in Microsoft Visual Basic for Applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html
third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.