ID CVE-2012-1854
Summary Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:*:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS12-046
bulletin_url
date 2012-07-10T00:00:00
impact Remote Code Execution
knowledgebase_id 2707960
knowledgebase_url
severity Important
title Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution
oval via4
accepted 2012-08-27T04:00:11.671-04:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
  • comment Microsoft Office 2003 SP3 is installed
    oval oval:org.mitre.oval:def:15626
  • comment Microsoft Office 2007 SP2 is installed
    oval oval:org.mitre.oval:def:15607
  • comment Microsoft Office 2007 SP3 is installed
    oval oval:org.mitre.oval:def:15704
  • comment Microsoft Visual Basic for Applications is installed
    oval oval:org.mitre.oval:def:1746
  • comment Microsoft Office 2010 is installed
    oval oval:org.mitre.oval:def:12061
description Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
family windows
id oval:org.mitre.oval:def:14950
status accepted
submitted 2012-07-16T12:35:55
title Visual Basic for Applications Insecure Library Loading Vulnerability - MS12-046
version 20
refmap via4
cert TA12-192A
Last major update 12-10-2018 - 22:02
Published 10-07-2012 - 21:55
Last modified 12-10-2018 - 22:02