Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 27, 2026

CVE-2012-1854

High
CISA KEV
Microsoft/Visual Basic for Applications (VBA)

Description

Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.

Required Action

https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Apr 13, 2026

Added to KEV

Apr 13, 2026

Remediation Due

Apr 27, 2026

Affected Product

Microsoft

Visual Basic for Applications (VBA)

View all Microsoft CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE