CVE-2012-1849 - Vulnerability Details - OpenCVE

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.59138.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Lync

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:lync:2010::attendant_x64:::::
	cpe:2.3:a:microsoft:lync:2010::attendant_x86:::::
	cpe:2.3:a:microsoft:lync:2010::attendee:::::
	cpe:2.3:a:microsoft:lync:2010::x64:::::
	cpe:2.3:a:microsoft:lync:2010::x86:::::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2012-06-12T22:00:00

Updated: 2024-08-06T19:08:38.715Z

Reserved: 2012-03-22T00:00:00

Link: CVE-2012-1849

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-12T22:55:01.420

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-1849

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka \"Lync Insecure Library Loading Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "TA12-164A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"}, {"name": "oval:org.mitre.oval:def:14874", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874"}, {"name": "MS12-039", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2012-1849", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka \"Lync Insecure Library Loading Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA12-164A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"}, {"name": "oval:org.mitre.oval:def:14874", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874"}, {"name": "MS12-039", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:08:38.715Z"}, "title": "CVE Program Container", "references": [{"name": "TA12-164A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"}, {"name": "oval:org.mitre.oval:def:14874", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874"}, {"name": "MS12-039", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2012-1849", "datePublished": "2012-06-12T22:00:00", "dateReserved": "2012-03-22T00:00:00", "dateUpdated": "2024-08-06T19:08:38.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendant_x64:*:*:*:*:*", "matchCriteriaId": "FD4AAE75-E507-4EE5-926E-630D6C0B4B90", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendant_x86:*:*:*:*:*", "matchCriteriaId": "20722891-B55F-42C1-9DCF-34196A9932A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", "matchCriteriaId": "EE98CEE9-200B-494A-B645-D14ACB577250", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*", "matchCriteriaId": "AF2C62AD-CC37-42B4-88AD-75F8F603ADEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*", "matchCriteriaId": "F01B787D-6263-4753-977D-211432447E38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka \"Lync Insecure Library Loading Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad en b\u00fasqueda en Path no confiable en Microsoft Lync 2010, 2010 Attendee, y 2010 Attendant permite a usuarios locales obtener privilegios a trav\u00e9s de una DLL troyanizada, en el directorio de trabajo actual, como se demostr\u00f3 mediante un directorio que conten\u00eda el fichero .ocsmeet, tambi\u00e9n conocido como \"Lync Insecure Library Loading Vulnerability.\"\r\n\r\n"}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "evaluatorImpact": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039\r\n\r\nAV:N per \"How could an attacker exploit the vulnerability? \r\nAn attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.\r\n\r\nIn an email attack scenario, an attacker could exploit the vulnerability by sending a legitimate Microsoft Lync-related file (such as an .ocsmeet file) to a user, and convincing the user to place the attachment into a directory that contains a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained.\r\n\r\nIn a network attack scenario, an attacker could place a legitimate Microsoft Lync-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file.\"", "id": "CVE-2012-1849", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-06-12T22:55:01.420", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}