CVE-2012-1854

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:*:x86:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*

Information

Published : 2012-07-10 14:55

Updated : 2018-10-12 15:02


NVD link : CVE-2012-1854

Mitre link : CVE-2012-1854


JSON object : View

Advertisement

dedicated server usa

Products Affected

microsoft

  • visual_basic_for_applications
  • office
  • visual_basic_for_applications_sdk