Microsoft Windows Common Controls MSCOMCTL.OCX Remote Code Execution Vulnerability
Last Update Date:
11 Apr 2012 11:39
Release Date:
11 Apr 2012
5423
Views
RISK: High Risk
TYPE: Operating Systems - Windows OS
A remote code execution vulnerability exists in the Windows common controls. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Microsoft Office 2003
- Microsoft Office 2003 Web Components
- Microsoft Office 2007
- Microsoft Office 2010
- Microsoft SQL Server 2000 Analysis Services
- Microsoft SQL Server 2005 Express Edition with Advanced Services
- Microsoft SQL Server 2005
- Microsoft SQL Server 2008
- Microsoft SQL Server 2008 R2
- Microsoft BizTalk Server 2002
- Microsoft Commerce Server 2002
- Microsoft Commerce Server 2007
- Microsoft Commerce Server 2009
- Microsoft Commerce Server 2009 R2
- Microsoft Visual FoxPro 8.0
- Microsoft Visual FoxPro 9.0
- Visual Basic 6.0 Runtime
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms12-027
Vulnerability Identifier
Source
Related Link
Share with