Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability

Added: 04/12/2012
CVE: CVE-2012-0158
BID: 52911
OSVDB: 81125

Background

Microsoft Windows bundles various common ActiveX controls in the Common Controls library MSCOMCTL.OCX. Several Windows applications use these controls.

Problem

Various ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2007 and Office 2010 allow remote attackers to execute arbitrary code via a crafted .rtf file that triggers system state corruption.

Resolution

Apply the update referenced in MS12-027.

References

http://technet.microsoft.com/en-us/security/bulletin/ms12-027
http://www.net-security.org/secworld.php?id=12732

Limitations

This exploit has been tested on Microsoft Word 2007 SP3 and Microsoft Word 2010 SP1 running on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit file in Microsoft Word on the target system.

Platforms

Windows

Back to exploit index