MS12-027: Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
High Nessus Plugin ID 58659
SynopsisThe remote Windows host is affected by a remote code execution vulnerability.
DescriptionA memory corruption issue exists in Windows common controls, specifically within the MSCOMCTL.TreeView, MSCOMCTL.ListView2, MSCOMCTL.TreeView2, and MSCOMCTL.ListView controls component of MSCOMCTL.OCX, due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue by convincing a user to view a specially crafted web page, resulting in the execution of arbitrary code.
SolutionMicrosoft has released a set of patches for Office 2003, 2007 and 2010; Office 2003 Web Components; SQL Server 2000, 2005, 2005 Express Edition, 2008, and 2008 R2; BizTalk Server 2002; Commerce Server 2002, 2007, 2009, and 2009 R2; Microsoft Visual FoxPro 8.0 and 9.0; and Visual Basic 6.0 Runtime.