返回 CVE 浏览器

CVE-2012-1849

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0600%

EPSS Percentile36.64th

Published2012年6月12日

Last Modified2026年4月29日

Vulnerability Description

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

📦

Microsoft

Lync

= 2010

References & Advisories

🔗 http://www.us-cert.gov/cas/techalerts/TA12-164A.html

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

🔗 http://www.us-cert.gov/cas/techalerts/TA12-164A.html

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874

相关漏洞威胁

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2014-18189.3

GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Window...

CVE-2013-13029.3

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, whic...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...