This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
The remote Windows host is affected by a remote code execution
A memory corruption issue exists in Windows common controls,
specifically within the MSCOMCTL.TreeView, MSCOMCTL.ListView2,
MSCOMCTL.TreeView2, and MSCOMCTL.ListView controls component of
MSCOMCTL.OCX, due to improper sanitization of user-supplied input. An
unauthenticated, remote attacker can exploit this issue by convincing
a user to view a specially crafted web page, resulting in the
execution of arbitrary code.
See also :
Microsoft has released a set of patches for Office 2003, 2007 and
2010; Office 2003 Web Components; SQL Server 2000, 2005, 2005 Express
Edition, 2008, and 2008 R2; BizTalk Server 2002; Commerce Server 2002,
2007, 2009, and 2009 R2; Microsoft Visual FoxPro 8.0 and 9.0; and
Visual Basic 6.0 Runtime.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true