Vulnerability Name:

CVE-2012-1849 (CCN-75903)

Assigned:2012-06-12
Published:2012-06-12
Updated:2018-10-12
Summary:Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039

AV:N per "How could an attacker exploit the vulnerability?
An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.

In an email attack scenario, an attacker could exploit the vulnerability by sending a legitimate Microsoft Lync-related file (such as an .ocsmeet file) to a user, and convincing the user to place the attachment into a directory that contains a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.

In a network attack scenario, an attacker could place a legitimate Microsoft Lync-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file."
Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-1849

Source: CCN
Type: SA48429
Microsoft Lync / Office Communicator Multiple Vulnerabilities

Source: CCN
Type: Microsoft Security Bulletin MS12-039
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

Source: CCN
Type: Microsoft Security Bulletin MS12-066
Vulnerabilities in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

Source: CCN
Type: Microsoft Security Bulletin MS12-076
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)

Source: CCN
Type: Microsoft Security Bulletin MS13-024
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)

Source: CCN
Type: Microsoft Security Bulletin MS13-035
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

Source: CCN
Type: Microsoft Security Bulletin MS13-041
Vulnerability in Lync Could Allow Remote Code Execution (2834695)

Source: CCN
Type: Microsoft Security Bulletin MS13-067
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

Source: CCN
Type: Microsoft Security Bulletin MS13-073
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)

Source: CCN
Type: Microsoft Security Bulletin MS13-084
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

Source: CCN
Type: Microsoft Security Bulletin MS13-085
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

Source: CCN
Type: Microsoft Security Bulletin MS14-032
Vulnerability in Microsoft Lync Could Allow Information Disclosure

Source: CCN
Type: Microsoft Security Bulletin MS14-073
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (3000431)

Source: CCN
Type: Microsoft Security Bulletin MS14-083
Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347)

Source: CCN
Type: Microsoft Security Bulletin MS15-116
Security Updates for Microsoft Office to Address Remote Code Execution (3104540)

Source: CCN
Type: Microsoft Security Bulletin MS15-131
Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Source: CCN
Type: Microsoft Security Bulletin MS16-004
Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585)

Source: CCN
Type: Microsoft Security Bulletin MS16-015
Security Update for Microsoft Office to Address Remote Code Execution (3134226)

Source: CCN
Type: Microsoft Security Bulletin MS16-029
Security Update for Microsoft Office to Address Remote Code Execution (3141806)

Source: CCN
Type: Microsoft Security Bulletin MS16-042
Security Update for Microsoft Office (3148775)

Source: CCN
Type: Microsoft Security Bulletin MS16-054
Security Update for Microsoft Office (3155544)

Source: CCN
Type: Microsoft Security Bulletin MS16-070
Security Update for Office (3163610)

Source: CCN
Type: Microsoft Security Bulletin MS16-088
Security Updates for Office (3170008)

Source: CCN
Type: Microsoft Security Bulletin MS16-099
Security Update for Office (3177451)

Source: CCN
Type: Microsoft Security Bulletin MS16-107
Security Update for Microsoft Office (3185852)

Source: CCN
Type: Microsoft Security Bulletin MS16-121
Security Update for Microsoft Office (3194063)

Source: CCN
Type: Microsoft Security Bulletin MS16-133
Security Update for Microsoft Office (3199168)

Source: CCN
Type: Microsoft Security Bulletin MS16-148
Security Update for Microsoft Office (3204068)

Source: CCN
Type: Microsoft Security Bulletin MS17-002
Security Update for Microsoft Office (3214291)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: Microsoft Security Bulletin MS17-014
Security Update for Microsoft Office (4013241)

Source: CCN
Type: BID-53831
Microsoft Lync CVE-2012-1849 DLL Loading Arbitrary Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA12-164A

Source: MS
Type: UNKNOWN
MS12-039

Source: XF
Type: UNKNOWN
ms-lync-dll-code-execution(75903)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14874

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:lync:2010:*:attendant_x64:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:attendant_x86:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:attendee:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:x86:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:lync:2010:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:attendee:*:*:*:*:*
  • OR cpe:/a:microsoft:lync:2010:*:attendant_x64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14874
    V
    		Lync Insecure Library Loading Vulnerability (CVE-2012-1849)
    2014-08-18
    BACK
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010
    microsoft lync 2010