Loading…

Cookies and privacy

We use strictly necessary cookies to run the site. With your permission we also load Vercel Web Analytics and Speed Insights to measure traffic and performance in aggregate. See our Cookie Policy and Privacy Policy.

CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability · Scorifya

CVE detail

CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Microsoft · Visual Basic for Applications (VBA)

Date added (KEV): Apr 13, 2026
CISA due date: Apr 27, 2026
Ransomware campaign use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vendor fix: Vendor mitigation

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046MitigationVendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046MitigationVendor Advisory
https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-046MitigationVendor Advisory
http://www.us-cert.gov/cas/techalerts/TA12-192A.htmlUS Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950

Other recent CVEs from Microsoft

CVE-2026-42897Microsoft — Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-32202Windows — Microsoft Windows Protection Mechanism Failure Vulnerability
CVE-2026-33825Defender — Microsoft Defender Insufficient Granularity of Access Control Vulnerability
CVE-2009-0238Office — Microsoft Office Remote Code Execution
CVE-2026-32201SharePoint Server — Microsoft SharePoint Server Improper Input Validation Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching Microsoft changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology