CVE-2012-1856

Warnung

EPSS 92.14%
Veröffentlicht 15.08.2012 01:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Commerce Server Version2002 Updatesp4

Microsoft ≫ Commerce Server Version2007 Updatesp2

Microsoft ≫ Commerce Server Version2009

Microsoft ≫ Commerce Server Version2009 Updater2

Microsoft ≫ Host Integration Server Version2004 Updatesp1

Microsoft ≫ Office Version2003 Updatesp3

Microsoft ≫ Office Version2007 Updatesp2

Microsoft ≫ Office Version2007 Updatesp3

Microsoft ≫ Office Version2010 Updatesp1 Editionx86

Microsoft ≫ Office Web Components Version2003 Updatesp3

Microsoft ≫ Sql Server Version2000 Updatesp4

Microsoft ≫ Sql Server Version2000 Updatesp4 Editionanalysis_services

Microsoft ≫ Sql Server Version2005 Updatesp3 Editionexpress_advanced_services

Microsoft ≫ Sql Server Version2005 Updatesp4

Microsoft ≫ Sql Server Version2008 Updater2_sp1

Microsoft ≫ Sql Server Version2008 Updater2_sp2

Microsoft ≫ Sql Server Version2008 Updatesp2

Microsoft ≫ Sql Server Version2008 Updatesp3

Microsoft ≫ Visual Basic Version6.0

Microsoft ≫ Visual Foxpro Version8.0 Updatesp1

Microsoft ≫ Visual Foxpro Version9.0 Updatesp2

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

Schwachstelle

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	92.14%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

http://www.us-cert.gov/cas/techalerts/TA12-227A.html

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/54948

Third Party Advisory

Broken Link

VDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060

Patch

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2012-1856

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1856

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1856

EUVD