Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2012-1854
HistoryJul 10, 2012 - 9:55 p.m.

CVE-2012-1854

2012-07-1021:55:05
microsoft
web.nvd.nist.gov
144
microsoft
office 2003
vbe6.dll
vulnerability
security
nvd
cve-2012-1854

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

17.5%

JSON

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka “Visual Basic for Applications Insecure Library Loading Vulnerability,” as exploited in the wild in July 2012.

Affected configurations

Nvd
Node
microsoftofficeMatch2003sp3
OR
microsoftofficeMatch2007sp2
OR
microsoftofficeMatch2007sp3
OR
microsoftofficeMatch2010x86
OR
microsoftofficeMatch2010sp1
OR
microsoftofficeMatch2010sp1x64
OR
microsoftofficeMatch2010sp1x86
OR
microsoftvisual_basic_for_applications
OR
microsoftvisual_basic_for_applications_sdk
VendorProductVersionCPE
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:*:x86:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*
microsoftvisual_basic_for_applications*cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*
microsoftvisual_basic_for_applications_sdk*cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*

Related

mskb 1
prion 1
cvelist 1
nvd 1
checkpoint_advisories 1
nessus 1
openvas 2
securityvulns 1
mskb
mskb
MS12-046: Vulnerability in Visual Basic for Applications could allow remote code execution: July 10, 2012
2012-07-10 00:00:00
prion
prion
Design/Logic Flaw
2012-07-10 21:55:00
cvelist
cvelist
CVE-2012-1854
2012-07-10 21:00:00
nvd
nvd
CVE-2012-1854
2012-07-10 21:55:05
checkpoint_advisories
checkpoint_advisories
Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046; CVE-2012-1854)
2012-07-10 00:00:00
nessus
nessus
MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
2012-07-11 00:00:00
openvas
openvas
Visual Basic for Applications Remote Code Execution Vulnerability (2707960)
2012-07-11 00:00:00
Visual Basic for Applications Remote Code Execution Vulnerability (2707960)
2012-07-11 00:00:00
securityvulns
securityvulns
Microsoft Office security vulnerabilities
2012-07-11 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

17.5%

JSON
Related for CVE-2012-1854
mskb1prion1cvelist1nvd1checkpoint_advisories1nessus1openvas2securityvulns1