Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability
Added: 04/12/2012CVE: CVE-2012-0158
BID: 52911
OSVDB: 81125
Background
Microsoft Windows bundles various common ActiveX controls in the Common Controls library MSCOMCTL.OCX. Several Windows applications use these controls.Problem
Various ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2007 and Office 2010 allow remote attackers to execute arbitrary code via a crafted .rtf file that triggers system state corruption.Resolution
Apply the update referenced in MS12-027.References
http://technet.microsoft.com/en-us/security/bulletin/ms12-027http://www.net-security.org/secworld.php?id=12732
Limitations
This exploit has been tested on Microsoft Word 2007 SP3 and Microsoft Word 2010 SP1 running on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).The user must open the exploit file in Microsoft Word on the target system.
Platforms
WindowsBack to exploit index