CVE-2012-0158

high

Microsoft ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

94.3%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: April 10, 2012 (5146 days ago)

Last Modified: April 22, 2026

Vendor: Microsoft

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2021-11-03

Remediation Due: 2022-05-03 (⚠ 1472d overdue)

Description

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."

CWE

CWE-94

Affected Products

microsoft officemicrosoft office web componentsmicrosoft sql server 2000microsoft sql server 2005microsoft sql server 2008microsoft biztalk servermicrosoft commerce servermicrosoft commerce server 2009microsoft visual basicmicrosoft visual foxpro

References

🔗 opensources.info 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com

CVE-2012-0158

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References