CVE-2012-1856 - Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

CVE ID:CVE-2012-1856

Project:Microsoft

Product:Office

Date Added:2022-03-03Due Date:2022-03-24

Vulnerability Name

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

Description

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2012-1856