Windows common control vulnerability could allow remote code execution
Report ID: MS201204005
Date Published: 12 April 2012
Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft SQL Server 2000 Analysis Services
Microsoft SQL Server 2000
Microsoft SQL Server 2005 Express Edition with Advanced Services
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2002
Microsoft Commerce Server 2007
Microsoft Commerce Server 2009
Microsoft Commerce Server 2009 R2
Microsoft Visual FoxPro 8.0
Microsoft Visual FoxPro 9.0
Visual Basic 6.0 Runtime
Summary
A vulnerability that exists in Windows common controls could allow an attacker to execute arbitrary code and take control of an affected system.
Detailed Description
Microsoft has issued a security update to address a vulnerability that exists in Windows common controls. The vulnerability arises when the ActiveX controls, while being used in Internet Explorer, corrupt the system state. An attacker could take advantage of this condition to execute code and take control of the affected system.
The latest update resolves this issue by disabling the vulnerable version of the Windows common controls. Users are advised to install this update to protect their systems.
CVE Reference
CVE-2012-0158
Solution
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-027




