MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by a remote code execution
vulnerability.

Description :

A memory corruption issue exists in the Windows common controls,
specifically in the MSCOMCTL.TreeView, MSCOMCTL.ListView2,
MSCOMCTL.TreeView2, and MSCOMCTL.ListView controls of MSCOMCTL.OCX,
due to improper sanitization of user-supplied input. An
unauthenticated, remote attacker can exploit this issue by convincing
a user to view a specially crafted web page, resulting in the
execution of arbitrary code.

See also :

https://technet.microsoft.com/library/security/ms12-027

Solution :

Microsoft has released a set of patches for Office 2003, 2007 and
2010; Office 2003 Web Components; SQL Server 2000, 2005, 2005 Express
Edition, 2008, and 2008 R2; BizTalk Server 2002; Commerce Server 2002,
2007, 2009, and 2009 R2; Microsoft Visual FoxPro 8.0 and 9.0; and
Visual Basic 6.0 Runtime.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 58659

Bugtraq ID: 52911

CVE ID: CVE-2012-0158
