[Forgot Password]
Login  Register Subscribe

24544

 
 

132176

 
 

121593

 
 

909

 
 

100139

 
 

148

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2012-0158Date: (C)2012-04-10   (M)2019-04-16


The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1026899
SECTRACK-1026900
SECTRACK-1026902
SECTRACK-1026903
SECTRACK-1026904
SECTRACK-1026905
BID-52911
IAVM:2012-A-0059
MS12-027
TA12-101A
http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce/
ms-activex-control-code-execution(74372)

CPE    29
cpe:/a:microsoft:office_web_components:2003:sp3
cpe:/a:microsoft:visual_foxpro:9.0:sp2
cpe:/a:microsoft:sql_server:2000:sp4:analysis_services
cpe:/a:microsoft:sql_server:2008:sp2:x64
...
CWE    1
CWE-94
OVAL    2
oval:org.secpod.oval:def:5113
oval:org.secpod.oval:def:5104

© SecPod Technologies