Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows common control vulnerability could allow remote code execution


Report ID: MS201204005
Date Published: 12 April 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft SQL Server 2000 Analysis Services
Microsoft SQL Server 2000
Microsoft SQL Server 2005 Express Edition with Advance Services
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2002
Microsoft Commerce Server 2007
Microsoft Commerce Server 2009
Microsoft Commerce Server 2009 R2
Microsoft Visual FoxPro 8.0
Microsoft Visual FoxPro 9.0
Visual Basic 6.0 Runtime




Summary

A vulnerability that exists in Windows common controls could allow an attacker to execute arbitrary code and take control of an affected system.



Detailed Description

Microsoft has issued a security update to address a vulnerability that exists in Windows common controls. The vulnerability resulted when ActiveX controls, while being used in Internet Explorer, corrupts the system state. An attacker could take advantage of this condition to execute code and take control of the affected system.

The latest update resolves this issue by disabling the vulnerable version of the Windows common controls. Users are recommended to install this update in order to protect their system.



CVE Reference

CVE-2012-0158



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-027)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.