Lucene search

PRIOn knowledge basePRION:CVE-2012-1849

HistoryJun 12, 2012 - 10:55 p.m.

Design/Logic Flaw

2012-06-1222:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.4%

JSON

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka “Lync Insecure Library Loading Vulnerability.”

CPENameOperatorVersion
lynceq2010 x86
lynceq2010 x64
lynceq2010 attendee
lynceq2010 attendant-x86
lynceq2010 attendant-x64

Name	Operator	Version
lync	eq	2010 x86
lync	eq	2010 x64
lync	eq	2010 attendee
lync	eq	2010 attendant-x86
lync	eq	2010 attendant-x64

References

www.us-cert.gov/cas/techalerts/TA12-164A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

6.8 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.4%

JSON

Related for PRION:CVE-2012-1849