Lucene search

[email protected]CVE-2012-1849

HistoryJun 12, 2012 - 10:55 p.m.

CVE-2012-1849

2012-06-1222:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

102

cve-2012-1849

microsoft lync

untrusted search path vulnerability

privilege escalation

trojan horse dll

security vulnerability

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.5%

JSON

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka “Lync Insecure Library Loading Vulnerability.”

CPENameOperatorVersion
microsoft:lyncmicrosoft lynceq2010

CPE	Name	Operator	Version
microsoft:lync	microsoft lync	eq	2010

References

www.us-cert.gov/cas/techalerts/TA12-164A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2012-1849

symantec1 prion1 checkpoint_advisories1 openvas2 securityvulns1 nessus1