Vulnerabilities > CVE-2012-1849 - Unspecified vulnerability in Microsoft Lync 2010

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
critical
nessus

Summary

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 AV:N per "How could an attacker exploit the vulnerability? An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained. In an email attack scenario, an attacker could exploit the vulnerability by sending a legitimate Microsoft Lync-related file (such as an .ocsmeet file) to a user, and convincing the user to place the attachment into a directory that contains a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained. In a network attack scenario, an attacker could place a legitimate Microsoft Lync-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part Description Count
Application
Microsoft
5

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS12-039.NASL
descriptionThe remote Windows host is potentially affected by the following vulnerabilities : - Multiple code execution vulnerabilities exist in the handling of specially crafted TrueType font files. (CVE-2011-3402, CVE-2012-0159) - An insecure library loading vulnerability exists in the way that Microsoft Lync handles the loading of DLL files. (CVE-2012-1849) - An HTML sanitization vulnerability exists in the way that HTML is filtered. (CVE-2012-1858)
last seen2020-06-01
modified2020-06-02
plugin id59457
published2012-06-13
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/59457
titleMS12-039: Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

Oval

accepted2014-08-18T04:01:09.686-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMicrosoft Lync 2010 is installed
    ovaloval:org.mitre.oval:def:15099
  • commentMicrosoft Lync 2010 Attendee (user level install) is installed
    ovaloval:org.mitre.oval:def:15641
  • commentMicrosoft Lync 2010 Attendee (admin level install) is installed
    ovaloval:org.mitre.oval:def:15556
  • commentMicrosoft Lync 2010 Attendant is installed
    ovaloval:org.mitre.oval:def:15600
descriptionUntrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
familywindows
idoval:org.mitre.oval:def:14874
statusaccepted
submitted2012-06-18T15:13:15
titleLync Insecure Library Loading Vulnerability (CVE-2012-1849)
version13