CyberSec.Space Logo
Back to CVE Browser

CVE-2012-1849

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile36.64th
PublishedJun 12, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2010
πŸ“¦
Microsoft

Lync

= 2010

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-164A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874
πŸ”— http://www.us-cert.gov/cas/techalerts/TA12-164A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

Related Vulnerabilities

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...

CVE-2013-13029.3

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, whic...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...