(MS12-060) Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
Publish Date: 15 de sierpnia de 2012
Severity: : Critical
CVE Kennungen: : CVE-2012-1856
Advisory Date: 15 de sierpnia de 2012
DESCRIPTION
This update resolves a vulnerability in MSCOMCTL.OCX, which is found in a host of Microsoft products. When successfully exploited, the vulnerability allows an attacker to remotely execute any code on the vulnerable system. Some of the affected MS products are:
- MS Visual FoxPro
- MS Commerce Server
- MS SQL Server
- MS Office
SOLUTION
AFFECTED SOFTWARE AND VERSION:
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2003 Web Components Service Pack 3
- Microsoft Office 2007 Service Pack 2
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 1 (32-bit Editions)
- Microsoft SQL Server 2000 Service Pack 4
- Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4 (Microsoft SQL Server 2000)
- Microsoft SQL Server 2005 for x64-based Systems Service Pack 4 (Microsoft SQL Server 2000)
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for 32-bit Systems (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft Commerce Server 2002 Service Pack 4
- Microsoft SQL Server 2000 Analysis Services Service Pack 4 (Microsoft SQL Server 2000)
- Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4 (Microsoft SQL Server 2000)
- Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4 (Microsoft SQL Server 2000)
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for x64-based Systems (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2 (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for Itanium-based Systems (Microsoft SQL Server 2008)
- Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1 (Microsoft SQL Server 2008)
- Microsoft Commerce Server 2007 Service Pack 2
- Microsoft Commerce Server 2009
- Microsoft Commerce Server 2009 R2
- Microsoft Host Integration Server 2004 Service Pack 1
- Microsoft Visual FoxPro 8.0 Service Pack 1
- Microsoft Visual FoxPro 9.0 Service Pack 2
- Visual Basic 6.0 Runtime