Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2012-1856
Last Modified: 02 Nov 2013 11:23:28
Published: 14 Aug 2012 09:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1856

Summary

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."

Vulnerable Systems

Application

  • Microsoft Commerce Server 2002

  • Microsoft Commerce Server 2007

  • Microsoft Commerce Server 2009

  • Microsoft Host Integration Server 2004

  • Microsoft Office 2003

  • Microsoft Office 2007

  • Microsoft Office 2010

  • Microsoft Office Web Components 2003

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 2005

  • Microsoft SQL Server 2008

  • Microsoft Visual Basic 6.0

  • Microsoft Visual FoxPro 8.0

  • Microsoft Visual FoxPro 9.0


References

MS - MS12-060

CERT - TA12-227A

Related Patches

MS12-060 Security Update for Microsoft Office 2010 32-Bit Edition (KB2597986)

MS12-060 Security Update for Microsoft Office 2007 suites (KB2687441)

MS12-060 Security Update for SQL Server 2000 Service Pack 4 Failover Clustering (KB983811) (See Notes)

MS12-060 Security Update for SQL Server 2000 Service Pack 4 Failover Clustering (KB983812) (See Notes)

MS12-060 Security Update for Host Integration Server 2004 SP 1 (KB2711207)

MS12-060 Security Update for SQL Server 2000 Service Pack 4 (KB983811)

MS12-060 Security Update for SQL Server 2000 Service Pack 4 (KB983812)

MS12-060 Security Update for Microsoft Office 2003 (KB2687323)

MS12-060 2720573 2708437 Security Update for Visual Basic 6.0 Service Pack 6

MS12-060 2720573 2716389 Security Update for Commerce Server 2002 Service Pack 4 (All Languages) (See Notes)

MS12-060 2720573 2716392 Security Update for Commerce Server 2009

MS12-060 2720573 983813 Security Update for SQL Server 2000 Analysis Services SP4 (See Notes)

MS12-060 2720573 2708941 Security Update for Microsoft Visual FoxPro 9.0 SP2

MS12-060 2720573 2716390 Security Update for Commerce Server 2007 Service Pack 2

MS12-060 2720573 2708940 Security Update for Microsoft Visual FoxPro 8.0 SP1

MS12-060 2720573 2716393 Security Update for Commerce Server 2009 R2

MS12-060 Security Update for Office 2003 (KB2726929)


Last Updated: 27 May 2016 10:49:39