CVE-2012-0158

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-0158 to a friend

New vulnerability?
New tool?
Tell us

Credit:

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-0158

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1;
* Microsoft Office 2003 Web Components SP3;
* Microsoft SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2;
* Microsoft BizTalk Server 2002 SP1;
* Microsoft Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2;
* Microsoft Visual FoxPro 8.0 SP1 and 9.0 SP2;
* Microsoft Visual Basic 6.0 Runtime

A remote code execution vulnerability exists in the Windows common controls. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Vendor Status:
Microsoft had issued an update for this vulnerability

Patch Availability:
http://technet.microsoft.com/en-us/security/bulletin/ms12-027

CVE Information:
CVE-2012-0158

Disclosure Timeline:
Published: Tuesday, April 10, 2012

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus