CVE-2012-1849Improper Access Control in Microsoft Lync

CWE-284Improper Access Control5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
50.0%
top 2.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Lync
Timeline
PublishedJun 12
Latest updateMay 14

Description

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/lync2010

🔴Vulnerability Details

2
GHSA
GHSA-4wgv-p49g-987m: Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse2022-05-14
CVEList
CVE-2012-1849: Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse2012-06-12

📋Vendor Advisories

2
Red Hat
kernel: possible privilege escalation via SG_IO ioctl2011-12-22
Red Hat
mysql: over-sized packet denial of service vulnerability2010-05-13
CVE-2012-1849 — Improper Access Control in Microsoft | cvebase