QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-1854

Back to search

CVE-2012-1854

Published: Jul 10, 2012

Modified: Apr 14, 2026

PUBLISHED

Description

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

VendorProductVersions

n/a

n/a

affected
n/a

References

TA12-192A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:14950
vdb-entry
signature
x_refsource_OVAL
MS12-046
vendor-advisory
x_refsource_MS

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now