VYPR
High severity 7.8 · CISA KEV · NVD Advisory · Published Jul 10, 2012 · Updated Jun 16, 2026

CVE-2012-1854

Description

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

Affected products

11
  • Microsoft/Office (8 versions)
    • cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:x64:*
    • cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:x86:*
    • cpe:2.3:a:microsoft:office:2010:-:*:*:*:*:x64:*
    • cpe:2.3:a:microsoft:office:2010:-:*:*:*:*:x86:*
    • (no CPE) range: 2003 SP3, 2007 SP2 and SP3, 2010 Gold and SP1
  • cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:a:microsoft:visual_basic_for_applications:*:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:microsoft:visual_basic_for_applications_sdk:*:*:*:*:*:*:*:*

References

5
