Lucene search

[email protected]CVE-2012-1849

HistoryJun 12, 2012 - 10:55 p.m.

CVE-2012-1849

2012-06-1222:55:01

[email protected]

web.nvd.nist.gov

106

cve-2012-1849

microsoft lync

untrusted search path vulnerability

privilege escalation

trojan horse dll

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.942 High

EPSS

Percentile

99.2%

JSON

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka “Lync Insecure Library Loading Vulnerability.”

Affected configurations

NVD

Node

microsoftlyncMatch2010attendant_x64

microsoftlyncMatch2010attendant_x86

microsoftlyncMatch2010attendee

microsoftlyncMatch2010x64

microsoftlyncMatch2010x86

CPENameOperatorVersion
microsoft:lyncmicrosoft lynceq2010

CPE	Name	Operator	Version
microsoft:lync	microsoft lync	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-164A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.942 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2012-1849

prion1 nvd1 symantec1 checkpoint_advisories1 cvelist1 openvas2 nessus1 securityvulns1