⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2012-0158

CWE-94: Code Injection | 28 documents | 14 sources
Severity: 8.8 HIGH
EPSS: 94.3% (top 0.05%)
CISA KEV: Added 2021-11-03, due 2022-05-03
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Apr 10
KEV added: Nov 3
KEV due: May 3
Latest update: May 4

Description

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 8 packages

Patches

🔴 Vulnerability Details (3)

[GHSA] GHSA-xc3w-wqx5-qrf9: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL (2022-05-04)
[CVEList] CVE-2012-0158: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL (2012-04-10)
[VulnCheck] Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability (2012)

💥 Exploits & PoCs (1)

[Exploit-DB] Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit) (2012-04-25)

🔍 Detection Rules (2)

[Suricata] ET MALWARE EvilGrab/Vidgrab Checkin (2013-09-04)
[YARA] CVE_2012_0158_KeyBoy

📋 Vendor Advisories (1)

[CISA] Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability (2021-11-03)

🕵️ Threat Intelligence (14)

[Trendmicro] Asruex Backdoor Infects Files Via Old Vulnerabilities (2019-08-22)
[Unit42] Tracking Subaat: Targeted Phishing Attack Leads to Threat Actor's Repository (2017-10-27)
[Fortinet] Rehashed RAT Used in APT Campaign Against Vietnamese Organizations (2017-09-05)
[Talos] When combining exploits for added effect goes wrong (2017-08-14)

📄 Research Papers (1)

[arXiv] Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting (2021-02-10)