CVE-2012-1854

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA12-192A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2007:sp2::::::
	cpe:2.3:a:microsoft:office:2007:sp3::::::
	cpe:2.3:a:microsoft:office:2010::x86:::::
	cpe:2.3:a:microsoft:office:2010:sp1::::::
	cpe:2.3:a:microsoft:office:2010:sp1:x64:::::*
	cpe:2.3:a:microsoft:office:2010:sp1:x86:::::*
	cpe:2.3:a:microsoft:visual_basic_for_applications::::::::
	cpe:2.3:a:microsoft:visual_basic_for_applications_sdk::::::::

History

No history.

Information

Published : 2012-07-10 21:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-1854

Mitre link : CVE-2012-1854

CVE.ORG link : CVE-2012-1854

JSON object : View

Products Affected

microsoft

visual_basic_for_applications_sdk
office
visual_basic_for_applications

CWE

NVD-CWE-Other

{"id": "CVE-2012-1854", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-10T21:55:05.587", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka \"Visual Basic for Applications Insecure Library Loading Vulnerability,\" as exploited in the wild in July 2012."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable (\"Untrusted search path\") en VBE6.dll en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Microsoft Visual Basic para Applications (VBA); y Summit Microsoft Visual Basic para Applications SDK permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano dll en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. docx, tambi\u00e9n conocido como vulnerabilidad \"Visual Basic para la carga de librer\u00edas inseguras\",\" como fue explotado en julio de 2012."}], "lastModified": "2018-10-12T22:02:45.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA"}, {"criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:*:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0CF7572-79BA-4576-ADED-528D17809071"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9932C177-FCBB-4AD1-A42A-1FAB28F392F3"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8239CEF1-BD02-4ACE-A0C2-75A9EAA15914"}, {"criteria": "cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8383FADC-9391-4570-AAF9-92A952A4F04F"}, {"criteria": "cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "390665EF-39A5-4FB7-93D1-CC5D3DEDEB93"}, {"criteria": "cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99D0A944-E18D-4E24-8614-CE82FD201384"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'", "sourceIdentifier": "secure@microsoft.com"}