Is CVE-2012-1854 exploitable?

Yes — CVE-2012-1854 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2012-1854 a false positive?

No practitioners have marked CVE-2012-1854 a false positive so far (2 verdicts).

How do I remediate CVE-2012-1854?

Practitioners have shared remediation steps for CVE-2012-1854 — see the remediation notes on this page.

CVE-2012-1854

is CVE-2012-1854real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 7.8EPSS 21.0%CISA KEVCWE-426

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.

References

NVD MITRE CVE.org CISA KEV

Published Jul 10, 2012

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2012-1854/badge.svg)](https://www.truepositive.app/cve/CVE-2012-1854)

HTML

<a href="https://www.truepositive.app/cve/CVE-2012-1854"><img src="https://www.truepositive.app/cve/CVE-2012-1854/badge.svg" alt="TruePositive verdict for CVE-2012-1854"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: High (High 2) — CVSS base score 7.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Diego RamírezCurated
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability — Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. Listed in the CISA KEV catalog (added 2026-04-13) — confirmed exploited in the wild, not theoretical. FIRST EPSS puts the chance of exploitation in the next 30 days at ~21%. Treat it as real and prioritize remediation over triage.
0
Remediation · Marco FerriCurated
Required action for Microsoft Visual Basic for Applications (VBA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2026-04-27. After patching, verify the vulnerable path is no longer reachable before closing the finding.