PatchSiren

CVE-2012-1854 Microsoft CVE debrief

CVE-2012-1854 is an insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA) that CISA has added to its Known Exploited Vulnerabilities (KEV) catalog. The KEV listing means defenders should treat it as a known exploited vulnerability and prioritize mitigation. The supplied source does not include a CVSS score or detailed exploit mechanics, so response planning should be driven by the KEV status and Microsoft’s published guidance.

Vendor: Microsoft
Product: Visual Basic for Applications (VBA)
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2026-04-13
Original CVE updated: 2026-04-13
Advisory published: 2026-04-13
Advisory updated: 2026-04-13

Who should care

Organizations that use Microsoft products with VBA support, especially endpoint, desktop engineering, application security, and vulnerability management teams responsible for Office-enabled environments.

Technical summary

The official source corpus identifies the issue as an insecure library loading vulnerability in Microsoft Visual Basic for Applications (VBA). CISA’s KEV record marks it as known exploited, with a required action to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The source corpus does not provide a CVSS score or further technical detail.

Defensive priority

High

Recommended defensive actions

  • Inventory systems and applications that rely on Microsoft VBA support and confirm exposure to the affected software path.
  • Review and apply Microsoft’s guidance referenced by CISA, including Security Bulletin MS12-046 and any associated mitigations.
  • If mitigations are unavailable for your environment, discontinue use of the affected product or feature per CISA guidance.
  • Prioritize remediation before the CISA KEV due date of 2026-04-27 where operationally possible.
  • Validate that vulnerability management and endpoint protection workflows track this CVE as a known exploited issue rather than a score-only finding.
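
An added example (not from PatchSiren, CISA or Microsoft) of the last action above: ranking scanner findings so that a KEV-listed CVE with no CVSS score is still worked before its due date. The KEV field names follow CISA's JSON feed with the values quoted on this page; the hosts, the placeholder CVE ids and the 7.0 threshold are constructed assumptions.

```python
from datetime import date

# Constructed KEV record: field names follow CISA's KEV JSON feed; the values
# are the ones quoted on this page.
KEV_ENTRIES = [{
    "cveID": "CVE-2012-1854",
    "vendorProject": "Microsoft",
    "product": "Visual Basic for Applications (VBA)",
    "dateAdded": "2026-04-13",
    "dueDate": "2026-04-27",
    "knownRansomwareCampaignUse": "Unknown",
}]

# Constructed scanner findings (hypothetical hosts); cvss None = no score supplied.
FINDINGS = [
    {"host": "ws-014", "cve": "CVE-2012-1854", "cvss": None},
    {"host": "ws-014", "cve": "CVE-0000-0001", "cvss": 9.1},  # placeholder CVE id
    {"host": "ws-221", "cve": "CVE-0000-0002", "cvss": 5.3},  # placeholder CVE id
]

def prioritize(findings, kev_entries, today, cvss_threshold=7.0):
    """Return findings ordered with KEV-listed CVEs first, then by CVSS."""
    kev = {e["cveID"]: e for e in kev_entries}
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry:
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            tier = "kev-overdue" if days_left < 0 else "kev"
            ranked.append({**f, "tier": tier, "due": due, "days_left": days_left})
        else:
            score = f["cvss"]
            tier = "score-high" if score is not None and score >= cvss_threshold else "score-low"
            ranked.append({**f, "tier": tier, "due": None, "days_left": None})
    order = {"kev-overdue": 0, "kev": 1, "score-high": 2, "score-low": 3}
    # KEV tiers sort by earliest due date; score tiers by highest CVSS.
    ranked.sort(key=lambda r: (order[r["tier"]], r["due"] or date.max, -(r["cvss"] or 0.0)))
    return ranked

def score_only_misses(findings, kev_entries, cvss_threshold=7.0):
    """KEV-listed findings that a CVSS-threshold filter alone would drop."""
    kev_ids = {e["cveID"] for e in kev_entries}
    return [f for f in findings
            if f["cve"] in kev_ids and (f["cvss"] is None or f["cvss"] < cvss_threshold)]

if __name__ == "__main__":
    for r in prioritize(FINDINGS, KEV_ENTRIES, date(2026, 4, 20)):
        print(r["tier"], r["host"], r["cve"], r["days_left"])
```

A non-empty result from score_only_misses() means the workflow is still filtering on score alone and would drop this CVE.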

Evidence notes

Evidence is limited to the supplied source corpus and official records. CISA’s KEV entry names the vulnerability, lists Microsoft as the vendor and Visual Basic for Applications (VBA) as the product, and records dateAdded as 2026-04-13 with dueDate 2026-04-27. The CISA metadata also records known ransomware campaign use as unknown and references Microsoft Security Bulletin MS12-046 and the NVD record. No CVSS score is provided in the corpus.

Official resources

Publicly listed in CISA’s Known Exploited Vulnerabilities catalog and linked to official CVE/NVD records.