⚠ Actively exploited
Added to CISA KEV on 2026-04-13. Federal agencies required to patch by 2026-04-27. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2012-1854: Untrusted Search Path in Microsoft Office

Severity: 7.8 HIGH (NVD); VulnCheck: 6.9
EPSS: 10.1% (top 6.90%)
CISA KEV: Added 2026-04-13, Due 2026-04-27
Exploit: Exploited in wild. Active exploitation observed.
Timeline
Published: Jul 10
KEV added: Apr 13
Latest update: Apr 14
KEV due: Apr 27

Description

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: microsoft/office 2003, 2007, 2010 (+2)

🔴 Vulnerability Details (3)

VulDB: Microsoft Office 2003/2007/2010 libraries untrusted search path (MS12-046 / Nessus ID 59909), 2026-04-13
GHSA: GHSA-77fm-4w36-vpp3: Untrusted search path vulnerability in VBE6, 2022-05-14
VulnCheck: Microsoft Office Untrusted Search Path, 2012

📋 Vendor Advisories (1)

CISA: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability, 2026-04-13

🕵️ Threat Intelligence (2)

Hackernews: CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software, 2026-04-14
Zscaler: Zscaler Protects against Microsoft's Patch Cycle | Round 7