cve detail

CVE-2012-1854

naam

Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability

Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

KEV

bekend misbruikt

EPSS

4,6%

percentiel

89%

vendor

Microsoft

product

Visual Basic for Applications (VBA)

toegevoegd aan KEV

13 apr 2026

due date

27 apr 2026

ransomware

Unknown

CWE

CWE-426

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854