

Vulnerability protection

Windows common controls' vulnerability could allow remote code execution


Report ID: MS201208009
Date Published: 15 August 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft SQL Server 2000
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft Commerce Server 2002
Microsoft Commerce Server 2007
Microsoft Commerce Server 2009
Microsoft Commerce Server 2009 R2
Microsoft Host Integration Server 2004
Microsoft Visual FoxPro 8.0
Microsoft Visual FoxPro 9.0
Visual Basic 6.0 Runtime




Summary

A vulnerability in Windows common controls could, upon successful exploitation, allow an attacker to execute code and gain the same rights as a logged-on user.



Detailed Description

Microsoft has released a security update to address a vulnerability in Windows common controls, which arises when an ActiveX control corrupts the system state. An attacker could then take advantage of this condition to execute code and gain rights similar to those of a logged-on user.

The latest security update addresses this vulnerability by disabling the vulnerable version of the Windows common controls and replacing it with a non-vulnerable version. Users are advised to install this update to protect their systems from potential exploit attempts.



CVE Reference

CVE-2012-1856



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-060


