8.8 - CVE-2012-0158

Executive Summary

Informations
Name	CVE-2012-0158	First vendor Publication	2012-04-10
Vendor	Cve	Last vendor Modification	2025-02-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Overall CVSS Score	8.8
Base Score	8.8	Environmental Score	8.8
impact SubScore	5.9	Temporal Score	8.8
Exploitabality Sub Score	2.8

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	Required
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15462

Oval ID:	oval:org.mitre.oval:def:15462
Title:	MSCOMCTL.OCX RCE Vulnerability
Description:	The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0158	Version:	10
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7	Product(s):	Microsoft Office 2003 Microsoft Office 2003 Web Components Microsoft Office 2007 Microsoft Office 2010 Microsoft SQL Server 2000 Analysis Services Microsoft SQL Server 2000 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 2005 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft BizTalk Server 2002 Microsoft Commerce Server 2002 Microsoft Commerce Server 2007 Microsoft Commerce Server 2009 Microsoft Commerce Server 2009 R2 Microsoft Visual FoxPro 8.0 Microsoft Visual FoxPro 9.0 Visual Basic 6.0 Runtime
Definition Synopsis:
Vulnerable version of Mscomctl.Ocx Multiple Affected Software Microsoft Office 2003 SP3 is installed AND Microsoft Office 2003 Web Components SP3 is installed AND Microsoft Office 2007 SP2 is installed AND Microsoft Office 2007 SP3 is installed AND Microsoft Office 2010 SP1 x86 is installed OR Microsoft Office 2010 SP0 x86 Microsoft Office 2010 is installed AND an architecture of Office 2010 is x86 AND NOT Microsoft Office 2010 SP1 is installed AND NOT Microsoft Office 2010 SP2 is installed AND Microsoft SQL Server 2005 SP4 is installed AND Microsoft SQL Server 2008 SP2 is installed AND Microsoft SQL Server 2008 SP3 is installed OR SQL Server 2008 R2 SP0 and SP1 NOT Microsoft SQL Server 2008 R2 SP2 is installed AND Microsoft SQL Server 2008 R2 is installed AND Microsoft BizTalk Server 2002 is installed AND Microsoft Commerce Server 2002 is installed AND Microsoft Commerce Server 2007 is installed AND Microsoft Commerce Server 2009 is installed AND Microsoft Visual FoxPro is installed AND Microsoft Visual Basic 6.0 is installed AND Mscomctl.Ocx version is less than 6.01.98.33 OR Microsoft SQL Server 2000 Analysis Services Service Microsoft SQL Server 2000 Analysis Services SP4 is installed AND The version of Msmdsrv.exe is less than 8.0.2302.0 OR SQL Server 2000 SP4 32-bit editions Microsoft SQL Server 2000 SP4 is installed AND GDR or QFE Service branch the version of sqlservr.exe is less than 2000.80.2065.0 OR QFE SQL Server 2000 QFE - the version of sqlservr.exe is greater than 2000.80.2200.0 AND the version of sqlservr.exe is less than 2000.80.2301.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Biztalk Server cpe:2.3:a:microsoft:biztalk_server:2002:sp1::::::	1
Application	Microsoft Commerce Server cpe:2.3:a:microsoft:commerce_server:2007:sp2:::::: cpe:2.3:a:microsoft:commerce_server:2002:sp4::::::	2
Application	Microsoft Commerce Server 2009 cpe:2.3:a:microsoft:commerce_server_2009:r2:::::::* cpe:2.3:a:microsoft:commerce_server_2009:-:::::::*	2
Application	Microsoft Office cpe:2.3:a:microsoft:office:2010:sp1:::::x86:* cpe:2.3:a:microsoft:office:2010::::::x86: cpe:2.3:a:microsoft:office:2007:sp3:::::: cpe:2.3:a:microsoft:office:2007:sp2:::::: cpe:2.3:a:microsoft:office:2003:sp3::::::	5
Application	Microsoft Office Web Components cpe:2.3:a:microsoft:office_web_components:2003:sp3::::::	1
Application	Microsoft Sql Server 2000 cpe:2.3:a:microsoft:sql_server_2000:-:sp4::::::	1
Application	Microsoft Sql Server 2005 cpe:2.3:a:microsoft:sql_server_2005:-:sp4::::::	1
Application	Microsoft Sql Server 2008 cpe:2.3:a:microsoft:sql_server_2008:r2:sp1:::::: cpe:2.3:a:microsoft:sql_server_2008:r2:-:::::: cpe:2.3:a:microsoft:sql_server_2008:-:sp3:::::: cpe:2.3:a:microsoft:sql_server_2008:-:sp2::::::	4
Application	Microsoft Visual Basic cpe:2.3:a:microsoft:visual_basic:6.0:::::::*	1
Application	Microsoft Visual Foxpro cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:::::: cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1::::::	2

SAINT Exploits

Description	Link
Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability	More info here

ExploitDB Exploits

id	Description
2012-04-25	MS12-027 MSCOMCTL ActiveX Buffer Overflow

OpenVAS Exploits

Date	Description
2012-04-11	Name : Microsoft Windows Common Controls Remote Code Execution Vulnerability (2664258) File : nvt/secpod_ms12-027.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-04-12	IAVM : 2012-A-0059 - Microsoft Windows Common Controls Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031982

Snort® IPS/IDS

Date	Description
2017-09-19	RTF obfuscation string RuleID : 43990 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2017-09-19	newlines embedded in rtf header RuleID : 43989 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32863 - Revision : 4 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32862 - Revision : 3 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32861 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32860 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32859 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32858 - Revision : 2 - Type : FILE-OFFICE
2015-01-20	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 32857 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31927 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 31926 - Revision : 2 - Type : FILE-OFFICE
2014-11-16	Win.Trojan.Otupsys variant outbound connection RuleID : 31716 - Revision : 2 - Type : MALWARE-CNC
2014-06-14	Shiqiang Gang malicious XLS targeted attack detection RuleID : 30991 - Revision : 6 - Type : MALWARE-CNC
2014-06-14	Shiqiang Gang malicious XLS targeted attack detection RuleID : 30990 - Revision : 5 - Type : MALWARE-CNC
2014-06-14	DNS request for known malware domain help.2012hi.hk RuleID : 30989 - Revision : 3 - Type : BLACKLIST
2014-05-01	multiple binary tags in close proximity - potentially malicious RuleID : 30328 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2014-05-01	multiple binary tags in close proximity - potentially malicious RuleID : 30327 - Revision : 3 - Type : INDICATOR-OBFUSCATION
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30166 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious toolbar... RuleID : 30165 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30164 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30163 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30162 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via malicious MSComct... RuleID : 30161 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30160 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30159 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30158 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30157 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30156 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30155 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30154 - Revision : 2 - Type : FILE-OFFICE
2014-04-12	Microsoft Windows common controls stack buffer overflow via MIME HTML documen... RuleID : 30153 - Revision : 2 - Type : FILE-OFFICE
2014-04-05	Win.Trojan.Zaleelq variant outbound connection RuleID : 30037 - Revision : 3 - Type : MALWARE-CNC
2014-01-10	Win.Trojan.Terminator RAT variant outbound connection RuleID : 28482 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	DNS request for known malware domain catlovers.25u.com RuleID : 28481 - Revision : 3 - Type : BLACKLIST
2014-01-10	DNS request for known malware domain liumingzhen.myftp.org RuleID : 28480 - Revision : 3 - Type : BLACKLIST
2014-01-10	DNS request for known malware domain liumingzhen.zapto.org RuleID : 28479 - Revision : 3 - Type : BLACKLIST
2014-01-10	Osx.Trojan.Janicab file download attempt RuleID : 27549 - Revision : 3 - Type : MALWARE-OTHER
2014-01-10	Osx.Trojan.Janicab file download attempt RuleID : 27548 - Revision : 3 - Type : MALWARE-OTHER
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27547 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27546 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab outbound connection RuleID : 27545 - Revision : 4 - Type : MALWARE-CNC
2014-01-10	Osx.Trojan.Janicab runtime traffic detected RuleID : 27544 - Revision : 3 - Type : MALWARE-CNC
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 23305 - Revision : 10 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21937 - Revision : 11 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21906 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21905 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21904 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21903 - Revision : 12 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21902 - Revision : 13 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21901 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21900 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21899 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21898 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21897 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt RuleID : 21896 - Revision : 7 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21801 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21800 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21799 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21798 - Revision : 9 - Type : FILE-OFFICE
2014-01-10	MSCOMCTL ActiveX control deserialization arbitrary code execution attempt RuleID : 21797 - Revision : 9 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date	Description
2012-04-11	Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms12-027.nasl - Type : ACT_GATHER_INFO
2003-01-26	Name : The remote host has a database server installed. File : mssql_version.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploi...
http://www.securityfocus.com/bid/52911
http://www.securitytracker.com/id?1026899
http://www.securitytracker.com/id?1026900
http://www.securitytracker.com/id?1026902
http://www.securitytracker.com/id?1026903
http://www.securitytracker.com/id?1026904
http://www.securitytracker.com/id?1026905
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12...
https://exchange.xforce.ibmcloud.com/vulnerabilities/74372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-02-11 17:21:37	Multiple Updates
2024-12-19 21:21:26	Multiple Updates
2024-11-28 23:02:17	Multiple Updates
2024-11-28 12:28:25	Multiple Updates
2024-07-24 21:28:05	Multiple Updates
2021-05-04 12:18:58	Multiple Updates
2021-04-22 01:22:42	Multiple Updates
2020-05-23 13:16:58	Multiple Updates
2020-05-23 00:32:36	Multiple Updates
2018-10-13 05:18:34	Multiple Updates
2017-09-19 09:25:07	Multiple Updates
2017-08-29 09:23:40	Multiple Updates
2017-02-24 09:23:35	Multiple Updates
2016-04-26 21:24:05	Multiple Updates
2015-01-20 21:25:00	Multiple Updates
2014-11-16 21:24:34	Multiple Updates
2014-06-14 21:23:01	Multiple Updates
2014-05-01 21:20:43	Multiple Updates
2014-04-12 21:21:32	Multiple Updates
2014-04-05 21:21:32	Multiple Updates
2014-02-17 11:07:04	Multiple Updates
2014-01-19 21:28:20	Multiple Updates
2013-11-11 12:39:43	Multiple Updates
2013-05-10 22:31:31	Multiple Updates
2013-03-07 13:19:42	Multiple Updates
2012-12-06 13:20:05	Multiple Updates
2012-11-20 13:22:22	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	20
Sources(s)	12
Saint Exploit(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	1
IAVM(s)	1
Snort® Rule(s)	60
Nessus® Exploit(s)	2

	Related
10	TA15-119A
9.3	TA12-101A
9.3	MS12-027
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)