CVE-2012-1849

{"id": "CVE-2012-1849", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-06-12T22:55:01.420", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka \"Lync Insecure Library Loading Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad en b\u00fasqueda en Path no confiable en Microsoft Lync 2010, 2010 Attendee, y 2010 Attendant permite a usuarios locales obtener privilegios a trav\u00e9s de una DLL troyanizada, en el directorio de trabajo actual, como se demostr\u00f3 mediante un directorio que conten\u00eda el fichero .ocsmeet, tambi\u00e9n conocido como \"Lync Insecure Library Loading Vulnerability.\"\r\n\r\n"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendant_x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD4AAE75-E507-4EE5-926E-630D6C0B4B90"}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendant_x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20722891-B55F-42C1-9DCF-34196A9932A5"}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE98CEE9-200B-494A-B645-D14ACB577250"}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF2C62AD-CC37-42B4-88AD-75F8F603ADEB"}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F01B787D-6263-4753-977D-211432447E38"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039\r\n\r\nAV:N per \"How could an attacker exploit the vulnerability? \r\nAn attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.\r\n\r\nIn an email attack scenario, an attacker could exploit the vulnerability by sending a legitimate Microsoft Lync-related file (such as an .ocsmeet file) to a user, and convincing the user to place the attachment into a directory that contains a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.\r\n\r\nIn a network attack scenario, an attacker could place a legitimate Microsoft Lync-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file.\"", "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "secure@microsoft.com"}