Exploitation Summary
CVE-2012-1854 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2026.
Description
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
References (5)
Core References
Third Party Advisory, US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1854
US Government Resource, third-party-advisory, x_refsource_cert: http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Third Party Advisory, VDB Entry, vdb-entry, signature, x_refsource_oval: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950
Vendor Advisory, vendor-advisory, x_refsource_ms: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046
Scores
CVSS v3: 7.8
EPSS: 0.0314
EPSS Percentile: 87.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-04-13
VulnCheck KEV: 2012-07-10
InTheWild.io: 2018-10-12
ENISA EUVD: EUVD-2012-1864
CWE: CWE-426
Status: published
Products (5)
microsoft/office 2003 sp3
microsoft/office 2007 sp2 (2 CPE variants)
microsoft/office 2010 (8 CPE variants)
microsoft/visual_basic_for_applications
microsoft/visual_basic_for_applications_sdk
Published: Jul 10, 2012
KEV Added: Apr 13, 2026
Tracked Since: Feb 18, 2026