Skip to main content

Microsoft Windows Common Controls MSCOMCTL.OCX Remote Code Execution Vulnerability

Last Update Date: 11 Apr 2012 11:39 Release Date: 11 Apr 2012 5423 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A remote code execution vulnerability exists in the Windows common controls. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Microsoft Office 2003
  • Microsoft Office 2003 Web Components
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft SQL Server 2000 Analysis Services
  • Microsoft SQL Server 2005 Express Edition with Advanced Services
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2008 R2
  • Microsoft BizTalk Server 2002
  • Microsoft Commerce Server 2002
  • Microsoft Commerce Server 2007
  • Microsoft Commerce Server 2009
  • Microsoft Commerce Server 2009 R2
  • Microsoft Visual FoxPro 8.0
  • Microsoft Visual FoxPro 9.0
  • Visual Basic 6.0 Runtime

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link