CVE-2012-0158

KEV
Published: Apr 10, 2012 Last Modified: Oct 22, 2025
HIGH 8.8
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 9.3
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers 'system state' corruption, as exploited in the wild in April 2012, aka 'MSCOMCTL.OCX RCE Vulnerability.'

EPSS (Exploit Prediction Scoring System)

Trend Analysis

Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score
0.9431
Percentile
1.0th
Updated

EPSS Score Trend (Last 90 Days)

CWE-94: Improper Control of Generation of Code ('Code Injection')

Draft
Common Consequences
Security Scopes Affected:
Access Control, Integrity, Confidentiality, Availability, Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism, Gain Privileges Or Assume Identity, Execute Unauthorized Code Or Commands, Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Exploit

Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) …

Verified Metasploit Framework (MSF)

Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit)

Application

Commerce Server 2009 by Microsoft

cpe:2.3:a:microsoft:commerce_server_2009:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Biztalk Server by Microsoft

cpe:2.3:a:microsoft:biztalk_server:2002:sp1:*:*:*:*:*:*
Application

Office by Microsoft

cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*
Application

Office Web Components by Microsoft

cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*
Application

Sql Server 2000 by Microsoft

cpe:2.3:a:microsoft:sql_server_2000:-:sp4:*:*:*:*:*:*
Application

Office by Microsoft

cpe:2.3:a:microsoft:office:2010:*:*:*:*:*:x86:*
Application

Commerce Server by Microsoft

cpe:2.3:a:microsoft:commerce_server:2007:sp2:*:*:*:*:*:*
Application

Commerce Server 2009 by Microsoft

cpe:2.3:a:microsoft:commerce_server_2009:r2:*:*:*:*:*:*:*
Application

Visual Basic by Microsoft

cpe:2.3:a:microsoft:visual_basic:6.0:*:*:*:*:*:*:*
Application

Office by Microsoft

cpe:2.3:a:microsoft:office:2010:sp1:*:*:*:*:x86:*
Application

Visual Foxpro by Microsoft

cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*
Application

Commerce Server by Microsoft

cpe:2.3:a:microsoft:commerce_server:2002:sp4:*:*:*:*:*:*
Application

Sql Server 2008 by Microsoft

cpe:2.3:a:microsoft:sql_server_2008:-:sp2:*:*:*:*:*:*
Application

Office by Microsoft

cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
Application

Sql Server 2008 by Microsoft

cpe:2.3:a:microsoft:sql_server_2008:r2:-:*:*:*:*:*:*
Application

Sql Server 2008 by Microsoft

cpe:2.3:a:microsoft:sql_server_2008:r2:sp1:*:*:*:*:*:*
Application

Visual Foxpro by Microsoft

cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*
Application

Sql Server 2008 by Microsoft

cpe:2.3:a:microsoft:sql_server_2008:-:sp3:*:*:*:*:*:*
Application

Sql Server 2005 by Microsoft

cpe:2.3:a:microsoft:sql_server_2005:-:sp4:*:*:*:*:*:*
Application

Office by Microsoft

cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012…
http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-…
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-0…
https://exchange.xforce.ibmcloud.com/vulnerabilities/74372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://www.securityfocus.com/bid/52911
http://www.securitytracker.com/id?1026899
http://www.securitytracker.com/id?1026900
http://www.securitytracker.com/id?1026902
http://www.securitytracker.com/id?1026903
http://www.securitytracker.com/id?1026904
http://www.securitytracker.com/id?1026905
http://www.us-cert.gov/cas/techalerts/TA12-101A.html