CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.9%
Added: 04/12/2012
CVE: CVE-2012-0158
BID: 52911
OSVDB: 81125
Microsoft Windows bundles various common ActiveX controls in the Common Controls library **MSCOMCTL.OCX**
. Several Windows applications use these controls.
Various ActiveX controls in **MSCOMCTL.OCX**
in the Common Controls in Microsoft Office 2007 and Office 2010 allow remote attackers to execute arbitrary code via a crafted **.rtf**
file that triggers system state corruption.
Apply the update referenced in MS12-027.
<http://technet.microsoft.com/en-us/security/bulletin/ms12-027>
<http://www.net-security.org/secworld.php?id=12732>
This exploit has been tested on Microsoft Word 2007 SP3 and Microsoft Word 2010 SP1 running on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit file in Microsoft Word on the target system.
Windows