PT-2012-3598 · Microsoft+1 · Visual Basic For Applications+2

Bai Haowen · Published 2012-07-10 · Updated 2026-04-14 · CVE-2012-1854

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
Microsoft Visual Basic for Applications (VBA)
Summit Microsoft Visual Basic for Applications SDK

Description

The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be exploited by placing a malicious DLL in a directory that contains a .docx file. The vulnerability has been exploited in the wild. It is a remote code execution vulnerability that exists in the way Microsoft Visual Basic for Applications handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Office 2003 SP3, consider disabling the loading of external DLL files until a patch is available.
For Microsoft Office 2007 SP2 and SP3, restrict access to the VBE6.dll module to minimize the risk of exploitation.
For Microsoft Office 2010 Gold and SP1, avoid using the vulnerable VBA functionality in sensitive environments until the issue is resolved.
For Microsoft Visual Basic for Applications (VBA), consider implementing additional security measures to prevent the loading of malicious DLL files.
For Summit Microsoft Visual Basic for Applications SDK, restrict the use of the SDK in environments where the vulnerability could be exploited.
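
A defensive check for the condition the description names, added here as an example (it is not from this advisory or from Microsoft): it walks a file tree and reports every directory where an Office document sits beside a DLL. The extensions other than .docx, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Extensions are assumptions beyond the advisory, which names only .docx.
DOC_EXTS = {".docx", ".doc", ".docm", ".xlsx", ".xls", ".pptx", ".ppt"}
LIB_EXTS = {".dll"}


def find_colocated_dlls(root, skip_prefixes=()):
    """Return {directory: {"docs": [...], "dlls": [...]}} for every directory
    under root that holds an Office document next to a DLL."""
    skip = tuple(os.path.normcase(os.path.abspath(p)) for p in skip_prefixes)
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        if skip and any(here == s or here.startswith(s + os.sep) for s in skip):
            dirnames[:] = []  # prune, e.g. application install directories
            continue
        docs, dlls = [], []
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            if ext in DOC_EXTS:
                docs.append(name)
            elif ext in LIB_EXTS:
                dlls.append(name)
        if docs and dlls:
            findings[dirpath] = {"docs": sorted(docs), "dlls": sorted(dlls)}
    return findings


def build_sample_tree(base):
    """Constructed sample layout; all file names are made up for the demo."""
    layout = {
        "share/reports": ["q2.docx", "helper.DLL"],  # document + DLL: flagged
        "share/clean": ["notes.docx"],               # document only
        "apps/tool": ["tool.exe", "tool.dll"],       # DLL only
    }
    for rel, names in layout.items():
        d = os.path.join(base, *rel.split("/"))
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hit in find_colocated_dlls(build_sample_tree(tmp)).items():
            print(path, hit["docs"], hit["dlls"])
```

A hit is only a lead for review: the DLL's origin, signature and creation time relative to the document still need to be checked by hand.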

Fix

RCE

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2012-1854

Affected Products

Office
Visual Basic For Applications
Summit Microsoft Visual Basic For Applications Sdk