Untrusted Search Path Vulnerability in Microsoft Office Products
CVE-2012-1854

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Office
Visual Basic For Applications
Visual Basic For Applications Sdk
Vendor
CVE Published:
10 July 2012

Badges

๐Ÿ‘พ Exploit Exists๐Ÿฆ… CISA Reported

What is CVE-2012-1854?

This vulnerability affects Microsoft Office components, specifically through the VBE6.dll and allows local users to exploit the system by placing a malicious DLL in the current working directory. This can lead to privilege escalation, particularly through the execution of crafted .docx files. The flaw was publicly exploited in July 2012, highlighting the risks associated with insecure library loading in Microsoft Visual Basic for Applications.

CISA has reported CVE-2012-1854

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2012-1854 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

http://www.us-cert.gov/cas/techalerts/TA12-192A.html
third-party-advisoryx_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.