Exposures › CVE-2012-1854
Microsoft VBA allows remote code execution via insecure library loading, actively exploited and linked to ransomware.
Microsoft Visual Basic for Applications (VBA) contains a critical insecure library loading vulnerability (CVE-2012-1854) enabling remote code execution, which has been actively exploited by threat actors. Defense-industrial-base organizations must ensure VBA is disabled or hardened in untrusted environments to prevent unauthorized code execution and potential ransomware infiltration.
Shame score — The vulnerability is actively exploited and linked to ransomware, indicating a significant security risk that requires immediate remediation.
Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |