Executive Summary
Summary | |
---|---|
Title | Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) |
Informations | |||
---|---|---|---|
Name | MS12-046 | First vendor Publication | 2012-07-10 |
Vendor | Microsoft | Last vendor Modification | 2012-11-13 |
Severity (Vendor) | Important | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.0 (November 13, 2012): Rereleased bulletin to replace the KB2598361 update with the KB2687626 update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-046 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14950 | |||
Oval ID: | oval:org.mitre.oval:def:14950 | ||
Title: | Visual Basic for Applications Insecure Library Loading Vulnerability - MS12-046 | ||
Description: | Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1854 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 Microsoft Visual Basic for Applications |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-11 | Name : Visual Basic for Applications Remote Code Execution Vulnerability (2707960) File : nvt/secpod_ms12-046.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-07-12 | IAVM : 2012-A-0109 - Microsoft Visual Basic for Applications Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0033311 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Word imeshare.dll dll-load exploit attempt RuleID : 23316 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word request for imeshare.dll over SMB attempt RuleID : 23315 - Revision : 4 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-07-11 | Name : Arbitrary code can be executed on the remote host through Visual Basic for Ap... File : smb_nt_ms12-046.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-27 01:59:20 |
|
2014-02-17 11:47:22 |
|
2014-01-19 21:30:51 |
|
2013-11-11 12:41:29 |
|
2013-03-07 13:21:02 |
|
2012-11-13 21:22:40 |
|
2012-11-13 21:18:32 |
|