RULE(RULE ID:1905848)

Rule General Information
Release Date: 2020-11-18
Rule Name: Microsoft Lync Insecure Library Loading Vulnerability (CVE-2012-1849)
Severity:
CVE ID:
Rule Protection Details
Description: Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows
Reference: MicrosoftSecurityBulletin:ms12-039
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14874
Solutions
The vendors have released upgrade patches to fix vulnerabilities, please visit:
http://technet.microsoft.com/zh-cn/security/bulletin/ms12-039