9.3 - MS12-027

Executive Summary

Summary
Title	Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

Informations
Name	MS12-027	First vendor Publication	2012-04-10
Vendor	Microsoft	Last vendor Modification	2012-04-26
Severity (Vendor)	Critical	Revision	2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V2.0 (April 26, 2012): Added Service Pack 1 versions of SQL Server 2008 R2 to the Affected Software and added an entry to the update FAQ to explain which SQL Server 2000 update to use based on version ranges. These are informational changes only. There were no changes to the security update files or detection logic. For a complete list of changes, see the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update.

Summary: This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-027

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15462

Oval ID:	oval:org.mitre.oval:def:15462
Title:	MSCOMCTL.OCX RCE Vulnerability
Description:	The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0158	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Office 2003 Microsoft Office 2003 Web Components Microsoft Office 2007 Microsoft Office 2010 Microsoft SQL Server 2000 Analysis Services Microsoft SQL Server 2000 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft BizTalk Server 2002 Microsoft Commerce Server 2002 Microsoft Commerce Server 2007 Microsoft Commerce Server 2009 Microsoft Commerce Server 2009 R2 Microsoft Visual FoxPro 8.0 Microsoft Visual FoxPro 9.0 Visual Basic 6.0 Runtime
Definition Synopsis:
Vulnerable version of Mscomctl.Ocx Multiple Affected Software Microsoft Office 2003 SP3 is installed AND Microsoft Office 2003 Web Components SP3 is installed AND Microsoft Office 2007 SP2 is installed AND Microsoft Office 2007 SP3 is installed AND Microsoft Office 2010 SP1 x86 is installed OR Microsoft Office 2010 SP0 x86 Microsoft Office 2010 is installed AND an architecture of Office 2010 is x86 AND NOT Microsoft Office 2010 SP1 is installed AND NOT Microsoft Office 2010 SP2 is installed AND Microsoft SQL Server 2005 SP4 is installed AND Microsoft SQL Server 2008 SP2 is installed AND Microsoft SQL Server 2008 SP3 is installed OR SQL Server 2008 R2 SP0 and SP1 NOT Microsoft SQL Server 2008 R2 SP2 is installed AND Microsoft SQL Server 2008 R2 is installed AND Microsoft BizTalk Server 2002 is installed AND Microsoft Commerce Server 2002 is installed AND Microsoft Commerce Server 2007 is installed AND Microsoft Commerce Server 2009 is installed AND Microsoft Visual FoxPro is installed AND Microsoft Visual Basic 6.0 is installed AND Mscomctl.Ocx version is less than 6.01.98.33 OR Microsoft SQL Server 2000 Analysis Services Service Microsoft SQL Server 2000 Analysis Services SP4 is installed AND The version of Msmdsrv.exe is less than 8.0.2302.0 OR SQL Server 2000 SP4 32-bit editions Microsoft SQL Server 2000 SP4 is installed AND GDR or QFE Service branch the version of sqlservr.exe is less than 2000.80.2065.0 OR QFE SQL Server 2000 QFE - the version of sqlservr.exe is greater than 2000.80.2200.0 AND the version of sqlservr.exe is less than 2000.80.2301.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Biztalk Server cpe:2.3:a:microsoft:biztalk_server:2002:sp1::::::	1
Application	Microsoft Commerce Server cpe:2.3:a:microsoft:commerce_server:2009:r2:::::: cpe:2.3:a:microsoft:commerce_server:2009:::::::* cpe:2.3:a:microsoft:commerce_server:2007:sp2:::::: cpe:2.3:a:microsoft:commerce_server:2002:sp4::::::	4
Application	Microsoft Office cpe:2.3:a:microsoft:office:2010:sp1:x86:::::* cpe:2.3:a:microsoft:office:2010::x86::::: cpe:2.3:a:microsoft:office:2007:sp2:::::: cpe:2.3:a:microsoft:office:2007:sp3:::::: cpe:2.3:a:microsoft:office:2003:sp3::::::	5
Application	Microsoft Office Web Components cpe:2.3:a:microsoft:office_web_components:2003:sp3::::::	1
Application	Microsoft Sql Server cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:::::* cpe:2.3:a:microsoft:sql_server:2008:r2:x86:::::* cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:::::* cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:::::* cpe:2.3:a:microsoft:sql_server:2008:sp2:x86:::::* cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:::::* cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:::::* cpe:2.3:a:microsoft:sql_server:2008:r2:x64:::::* cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:::::* cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:::::* cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:::::* cpe:2.3:a:microsoft:sql_server:2005:sp4:x86:::::* cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:::::* cpe:2.3:a:microsoft:sql_server:2000:sp4:analysis_services:::::* cpe:2.3:a:microsoft:sql_server:2000:sp4::::::	15
Application	Microsoft Visual Basic cpe:2.3:a:microsoft:visual_basic:6.0::runtime_extended_files:::::	1
Application	Microsoft Visual Foxpro cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:::::: cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1::::::	2

SAINT Exploits

Description	Link
Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability	More info here

ExploitDB Exploits

id	Description
2012-04-25	MS12-027 MSCOMCTL ActiveX Buffer Overflow

OpenVAS Exploits

Date	Description
2012-04-11	Name : Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258) File : nvt/secpod_ms12-027.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-04-12	IAVM : 2012-A-0059 - Microsoft Windows Common Controls Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031982

Snort® IPS/IDS

Date	Description
2017-09-19	RTF obfuscation string RuleID : 43990 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2017-09-19	newlines embedded in rtf header RuleID : 43989 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32863 - Revision : 4 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32862 - Revision : 3 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32861 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32860 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32859 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32858 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32857 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31927 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31926 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Win.Trojan.Otupsys variant outbound connection RuleID : 31716 - Revision : 2 - Type : MALWARE-CNC
2014-06-14	Shiqiang Gang malicious XLS targeted attack detection RuleID : 30991 - Revision : 6 - Type : MALWARE-CNC
2014-06-14	Shiqiang Gang malicious XLS targeted attack detection RuleID : 30990 - Revision : 5 - Type : MALWARE-CNC
2014-06-14	DNS request for known malware domain help.2012hi.hk RuleID : 30989 - Revision : 3 - Type : BLACKLIST
2014-05-01	multiple binary tags in close proximity - potentially malicious RuleID : 30328 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2014-05-01	multiple binary tags in close proximity - potentially malicious RuleID : 30327 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30166 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30165 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30164 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30163 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30162 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30161 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30160 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30159 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30158 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30157 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30156 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30155 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30154 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30153 - Revision : 2 - Type : FILE-OFFICE
2014-04-05	Win.Trojan.Zaleelq variant outbound connection RuleID : 30037 - Revision : 3 - Type : MALWARE-CNC
2014-01-10	Win.Trojan.Terminator RAT variant outbound connection RuleID : 28482 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	DNS request for known malware domain catlovers.25u.com RuleID : 28481 - Revision : 3 - Type : BLACKLIST
2014-01-10	DNS request for known malware domain liumingzhen.myftp.org RuleID : 28480 - Revision : 3 - Type : BLACKLIST
2014-01-10	DNS request for known malware domain liumingzhen.zapto.org RuleID : 28479 - Revision : 3 - Type : BLACKLIST
2014-01-10	Osx.Trojan.Janicab file download attempt RuleID : 27549 - Revision : 3 - Type : MALWARE-OTHER
2014-01-10	Osx.Trojan.Janicab file download attempt RuleID : 27548 - Revision : 3 - Type : MALWARE-OTHER
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27547 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27546 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27545 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab runtime traffic detected RuleID : 27544 - Revision : 3 - Type : MALWARE-CNC
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 23305 - Revision : 10 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21937 - Revision : 11 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21906 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21905 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21904 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21903 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21902 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21901 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21900 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21899 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21898 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21897 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21896 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21801 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21800 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21799 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21798 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21797 - Revision : 9 - Type : FILE-OFFICE

Metasploit Database

id	Description
2012-04-10	MS12-027 MSCOMCTL ActiveX Buffer Overflow

Nessus® Vulnerability Scanner

Date	Description
2012-04-11	Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms12-027.nasl - Type : ACT_GATHER_INFO
2003-01-26	Name : The remote host has a database server installed. File : mssql_version.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 13:17:13	Multiple Updates
2016-04-26 23:06:15	Multiple Updates
2015-01-20 21:25:03	Multiple Updates
2014-11-16 21:25:23	Multiple Updates
2014-04-12 21:21:32	Multiple Updates
2014-02-17 11:47:18	Multiple Updates
2014-01-19 21:30:49	Multiple Updates
2013-11-11 12:41:28	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	29
Saint Exploit(s)	1
ExploitDB Exploit(s)	1
Metasploit Exploit(s)	1
Openvas Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	60
Nessus® Exploit(s)	2

	Related
10	TA15-119A
9.3	MS12-060
9.3	CVE-2012-0158
9	MS09-004
6.8	MS12-050
4.3	MS12-066
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)