The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 20
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Microsoft Office
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
|
— | — |
|
Microsoft Office
cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
|
— | — |
|
Microsoft Office
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
|
— | — |
|
Microsoft Office
cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:x86:*
|
— | — |
|
Microsoft Office
cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:x86:*
|
— | — |
|
Microsoft Office_Web_Components
cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2000
cpe:2.3:a:microsoft:sql_server_2000:-:sp4:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2005
cpe:2.3:a:microsoft:sql_server_2005:-:sp4:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2008
cpe:2.3:a:microsoft:sql_server_2008:-:sp2:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2008
cpe:2.3:a:microsoft:sql_server_2008:-:sp3:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2008
cpe:2.3:a:microsoft:sql_server_2008:r2:-:*:*:*:*:*:*
|
— | — |
|
Microsoft Sql_Server_2008
cpe:2.3:a:microsoft:sql_server_2008:r2:sp1:*:*:*:*:*:*
|
— | — |
|
Microsoft Biztalk_Server
cpe:2.3:a:microsoft:biztalk_server:2002:sp1:*:*:*:*:*:*
|
— | — |
|
Microsoft Commerce_Server
cpe:2.3:a:microsoft:commerce_server:2002:sp4:*:*:*:*:*:*
|
— | — |
|
Microsoft Commerce_Server
cpe:2.3:a:microsoft:commerce_server:2007:sp2:*:*:*:*:*:*
|
— | — |
|
Microsoft Commerce_Server_2009
cpe:2.3:a:microsoft:commerce_server_2009:-:*:*:*:*:*:*:*
|
— | — |
|
Microsoft Commerce_Server_2009
cpe:2.3:a:microsoft:commerce_server_2009:r2:*:*:*:*:*:*:*
|
— | — |
|
Microsoft Visual_Basic
cpe:2.3:a:microsoft:visual_basic:6.0:*:*:*:*:*:*:*
|
— | — |
|
Microsoft Visual_Foxpro
cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
|
— | — |
|
Microsoft Visual_Foxpro
cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
|
— | — |
References 13
http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-…
secure@microsoft.com
http://www.securityfocus.com/bid/52911
secure@microsoft.com
http://www.securitytracker.com/id?1026899
secure@microsoft.com
http://www.securitytracker.com/id?1026900
secure@microsoft.com
http://www.securitytracker.com/id?1026902
secure@microsoft.com
http://www.securitytracker.com/id?1026903
secure@microsoft.com
http://www.securitytracker.com/id?1026904
secure@microsoft.com
http://www.securitytracker.com/id?1026905
secure@microsoft.com
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
secure@microsoft.com
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-0…
secure@microsoft.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/74372
secure@microsoft.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
secure@microsoft.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…
134c704f-9b21-4f2e-91b3-4a467353bcc0