Back to KEVs

CVE-2012-1856

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 22, 2012
Published Date
August 15, 2012
Last Updated
February 10, 2025
Vendor
n/a
Product
n/a
Description
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-03-03 00:00:00 UTC) Source

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447 http://www.us-cert.gov/cas/techalerts/TA12-227A.html http://www.securityfocus.com/bid/54948

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-03-03 00:00:00 UTC