CVE-2012-0158

Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."

Los controles ActiveX (1) ListView, (2) ListView2, (3) TreeView, y (4) TreeView2 en MSCOMCTL.OCX en the Common Controls en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, y 2008 SP2, SP3, y R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, y 2009 Gold y R2; Visual FoxPro 8.0 SP1 y 9.0 SP2; y Visual Basic 6.0 Runtime
permita a atacantes remotos ejecutar código a través de la manipulación de: (a) sitios web, (b) documento de Office, o (c) fichero .rtf que provoca una corrupción "system state", como la explotada en April del 2012, también conocida como vulnerabilidad "MSCOMCTL.OCX RCE".

Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-13 CVE Reserved
2012-04-10 CVE Published
2012-04-25 First Exploit
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-07-25 EPSS Updated
2024-08-06 CVE Updated

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (15)

URL	Tag	Source
http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce	Broken Link
http://www.securityfocus.com/bid/52911	Broken Link
http://www.securitytracker.com/id?1026899	Broken Link
http://www.securitytracker.com/id?1026900	Broken Link
http://www.securitytracker.com/id?1026902	Broken Link
http://www.securitytracker.com/id?1026903	Broken Link
http://www.securitytracker.com/id?1026904	Broken Link
http://www.securitytracker.com/id?1026905	Broken Link
http://www.us-cert.gov/cas/techalerts/TA12-101A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74372	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15462	Broken Link

URL	Date	SRC
https://www.exploit-db.com/exploits/18780	2012-04-25
https://github.com/Sunqiz/CVE-2012-0158-reproduction	2022-08-15
https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2012-0158.F.doc	2022-01-03

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-027	2024-07-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2003 Search vendor "Microsoft" for product "Office" and version "2003"		sp3		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		sp2		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2007 Search vendor "Microsoft" for product "Office" and version "2007"		sp3		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2010 Search vendor "Microsoft" for product "Office" and version "2010"		x86		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2010 Search vendor "Microsoft" for product "Office" and version "2010"		sp1, x86		Affected
Microsoft Search vendor "Microsoft"		Office Web Components Search vendor "Microsoft" for product "Office Web Components"				2003 Search vendor "Microsoft" for product "Office Web Components" and version "2003"		sp3		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2000 Search vendor "Microsoft" for product "Sql Server 2000"				-		sp4		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2005 Search vendor "Microsoft" for product "Sql Server 2005"				-		sp4		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2008 Search vendor "Microsoft" for product "Sql Server 2008"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2008 Search vendor "Microsoft" for product "Sql Server 2008"				-		sp3		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2008 Search vendor "Microsoft" for product "Sql Server 2008"				r2 Search vendor "Microsoft" for product "Sql Server 2008" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Sql Server 2008 Search vendor "Microsoft" for product "Sql Server 2008"				r2 Search vendor "Microsoft" for product "Sql Server 2008" and version "r2"		sp1		Affected
Microsoft Search vendor "Microsoft"		Biztalk Server Search vendor "Microsoft" for product "Biztalk Server"				2002 Search vendor "Microsoft" for product "Biztalk Server" and version "2002"		sp1		Affected
Microsoft Search vendor "Microsoft"		Commerce Server Search vendor "Microsoft" for product "Commerce Server"				2002 Search vendor "Microsoft" for product "Commerce Server" and version "2002"		sp4		Affected
Microsoft Search vendor "Microsoft"		Commerce Server Search vendor "Microsoft" for product "Commerce Server"				2007 Search vendor "Microsoft" for product "Commerce Server" and version "2007"		sp2		Affected
Microsoft Search vendor "Microsoft"		Commerce Server 2009 Search vendor "Microsoft" for product "Commerce Server 2009"				-		-		Affected
Microsoft Search vendor "Microsoft"		Commerce Server 2009 Search vendor "Microsoft" for product "Commerce Server 2009"				r2 Search vendor "Microsoft" for product "Commerce Server 2009" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Basic Search vendor "Microsoft" for product "Visual Basic"				6.0 Search vendor "Microsoft" for product "Visual Basic" and version "6.0"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro"				8.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "8.0"		sp1		Affected
Microsoft Search vendor "Microsoft"		Visual Foxpro Search vendor "Microsoft" for product "Visual Foxpro"				9.0 Search vendor "Microsoft" for product "Visual Foxpro" and version "9.0"		sp2		Affected