Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2012-1856

Published: 15/08/2012 Updated: 07/11/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote malicious users to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft office 2007

microsoft office 2010

microsoft sql server 2008

microsoft commerce server 2009

microsoft office 2003

microsoft office web components 2003

microsoft sql server 2005

microsoft commerce server 2002

microsoft commerce server 2007

microsoft visual foxpro 9.0

microsoft visual basic 6.0

microsoft sql server 2000

microsoft host integration server 2004

microsoft visual foxpro 8.0

Recent Articles

Four bugs bait hooks in Asian phishing trip
The Register • Darren Pauli • 20 Apr 2016

Rich text pwnage

Malware writers are exploiting four RTF parser vulnerabilities, in a long-running campaign to target journalists, human rights activists, and Tibetans across Hong Kong and Taiwan. An Arbor Networks study found miscreants are exploiting since-patched vulnerabilities in Microsoft Office's handling of rich text files (CVE-2012-0158; CVE-2012-1856; CVE-2015-1641; and CVE-2015-1770), which help deliver at least six forms of Chinese malware. The research team reckons the characteristics of the tools, ...

Read more...
The Icefog APT: Frequently Asked Questions
Securelist • GReAT • 26 Sep 2013

Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea. Icefog refers to a cyber-espionage campaign that has been active at least since 2011. It targets governmental institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high technology companies and mass media, mainly in South Korea and Japan. It is likely that the crew targets organizations in ...

Read more...

References

CWE-94http://www.us-cert.gov/cas/techalerts/TA12-227A.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060http://www.securityfocus.com/bid/54948https://nvd.nist.govhttps://www.theregister.co.uk/2016/04/20/four_bugs_bait_hooks_in_asian_phishing_trip/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook