Lucene search

K
cveMicrosoftCVE-2012-1849
HistoryJun 12, 2012 - 10:55 p.m.

CVE-2012-1849

2012-06-1222:55:01
microsoft
web.nvd.nist.gov
111
cve-2012-1849
microsoft lync
untrusted search path vulnerability
privilege escalation
trojan horse dll
security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.951

Percentile

99.4%

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka “Lync Insecure Library Loading Vulnerability.”

Affected configurations

Nvd
Node
microsoftlyncMatch2010attendant_x64
OR
microsoftlyncMatch2010attendant_x86
OR
microsoftlyncMatch2010attendee
OR
microsoftlyncMatch2010x64
OR
microsoftlyncMatch2010x86
VendorProductVersionCPE
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:attendant_x64:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:attendant_x86:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.951

Percentile

99.4%