Home / bulletins

MS12-046 - Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) - Version: 1.0

Posted on 10 July 2012

There is an newer version: MS12-046 - Version: 2.0

Important

Severity Rating: Important
Revision Note: V1.0 (July 10, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Link

Other versions

 

TOP