Oval Definition: oval:org.mitre.oval:def:15462
Revision Date: 2014-06-09
Version: 69
Title: MSCOMCTL.OCX RCE Vulnerability
Description: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2012-0158
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft BizTalk Server 2002
Microsoft Commerce Server 2002
Microsoft Commerce Server 2007
Microsoft Commerce Server 2009
Microsoft Commerce Server 2009 R2
Microsoft Office 2003
Microsoft Office 2003 Web Components
Microsoft Office 2007
Microsoft Office 2010
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Analysis Services
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft Visual FoxPro 8.0
Microsoft Visual FoxPro 9.0
Visual Basic 6.0 Runtime
Definition Synopsis
  • Vulnerable version of Mscomctl.Ocx
    • Multiple Affected Software
      • Microsoft Office 2003 SP3 is installed
      • OR Microsoft Office 2003 Web Components SP3 is installed
      • OR Microsoft Office 2007 SP2 is installed
      • OR Microsoft Office 2007 SP3 is installed
      • OR Microsoft Office 2010 SP1 x86 is installed
      • OR Microsoft Office 2010 SP0 x86
        • Microsoft Office 2010 is installed
        • AND an architecture of Office 2010 is x86
        • AND NOT Microsoft Office 2010 SP1 is installed
        • AND NOT Microsoft Office 2010 SP2 is installed
      • OR Microsoft SQL Server 2005 SP4 is installed
      • OR Microsoft SQL Server 2008 SP2 is installed
      • OR Microsoft SQL Server 2008 SP3 is installed
      • OR SQL Server 2008 R2 SP0 and SP1
        • NOT Microsoft SQL Server 2008 R2 SP2 is installed
        • AND Microsoft SQL Server 2008 R2 is installed
      • OR Microsoft BizTalk Server 2002 is installed
      • OR Microsoft Commerce Server 2002 is installed
      • OR Microsoft Commerce Server 2007 is installed
      • OR Microsoft Commerce Server 2009 is installed
      • OR Microsoft Visual FoxPro is installed
      • OR Microsoft Visual Basic 6.0 is installed
    • AND Mscomctl.Ocx version is less than 6.01.98.33
  • OR Microsoft SQL Server 2000 Analysis Services Service
    • Microsoft SQL Server 2000 Analysis Services SP4 is installed
    • AND The version of Msmdsrv.exe is less than 8.0.2302.0
  • OR SQL Server 2000 SP4 32-bit editions
    • Microsoft SQL Server 2000 SP4 is installed
    • AND GDR or QFE Service branch
      • the version of sqlservr.exe is less than 2000.80.2065.0
      • OR QFE
        • SQL Server 2000 QFE - the version of sqlservr.exe is greater than 2000.80.2200.0
        • AND the version of sqlservr.exe is less than 2000.80.2301.0