

Vulnerability protection

Microsoft VBA vulnerability could allow remote code execution


Report ID: MS201207004
Date Published: 16 July 2012

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Visual Basic for Applications




Summary

A vulnerability in Microsoft Visual Basic for Applications (VBA) could allow an attacker to execute arbitrary code on an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability in Microsoft Visual Basic for Applications (VBA) that results from an incorrect restriction on the path used for loading external libraries. Upon successful exploitation, an attacker could execute code in the context of a logged-on user and take control of the affected system.

The latest update corrects the way that Microsoft VBA loads external libraries. Users are advised to install this update on their systems as a protection measure against potential exploit attempts.



CVE Reference

CVE-2012-1854



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-046


