Intrusion Prevention

MS.VBA.Insecure.Library.Loading

Description

This indicates a possible attack against a remote Code Execution vulnerability in Microsoft Visual Basic for Applications.
The vulnerability is due to the way the applications load external libraries. When the vulnerable application loads a DLL file without specifying a fully qualified path name, Windows will try to locate the DLL by searching a defined set of directories which could lead to arbitrary code execution.

Affected Products

Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010
Microsoft Visual Basic for Applications
Microsoft Visual Basic for Applications SDK

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.microsoft.com/technet/security/Bulletin/MS12-046.mspx

CVE References

CVE-2012-1854