#VU3043 Memory corruption in Microsoft products - CVE-2012-1856
Published: December 29, 2016 / Updated: November 20, 2020
Vulnerability identifier: #VU3043
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2012-1856
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Microsoft Visual Basic
Microsoft Visual FoxPro
Microsoft Office
Microsoft SQL Server
Microsoft Commerce Server
Microsoft Host Integration Server
Microsoft Visual Basic
Microsoft Visual FoxPro
Microsoft Office
Microsoft SQL Server
Microsoft Commerce Server
Microsoft Host Integration Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to boundary error in MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website:
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft Office 2003 Web Components Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft Office 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Office 2007 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Office 2010 Service Pack 1 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=4e08bab7-1408-444d-bad7-a4db76c7f6d3
Microsoft SQL Server 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=22be7d30-86f8-4a3b-ba46-b08624581c61
https://www.microsoft.com/downloads/details.aspx?FamilyId=09ebb11b-2b82-4891-8ae9-03481c0d7b29
Microsoft SQL Server 2000 Analysis Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3f5f7d2c-1fd1-437d-a74c-f316c2cd7818
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Commerce Server 2002 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=9ad19d40-16ed-47ad-b907-8a48bb64c6d3
Microsoft Commerce Server 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=7d972437-f71a-4576-b5c1-a940c0824438
Microsoft Commerce Server 2009:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3879fecd-8360-4c01-b88e-d56e8570cafb
Microsoft Commerce Server 2009 R2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=ce4f9470-e2b2-417e-9015-30355e837fbb
Microsoft Host Integration Server 2004 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3dde4ef1-d41f-45b0-8660-a546cbe3fc81
Microsoft Visual FoxPro 8.0 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=0bef712a-b9e0-4ea9-98bf-68db366c8b8b
Microsoft Visual FoxPro 9.0 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=1ee09491-4871-41ca-a39c-8360d5a568d4
Visual Basic 6.0 Runtime:
https://www.microsoft.com/downloads/details.aspx?FamilyId=847ec64b-95be-463b-bdfb-969e91fe3207
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft Office 2003 Web Components Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft Office 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Office 2007 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Office 2010 Service Pack 1 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=4e08bab7-1408-444d-bad7-a4db76c7f6d3
Microsoft SQL Server 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=22be7d30-86f8-4a3b-ba46-b08624581c61
https://www.microsoft.com/downloads/details.aspx?FamilyId=09ebb11b-2b82-4891-8ae9-03481c0d7b29
Microsoft SQL Server 2000 Analysis Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3f5f7d2c-1fd1-437d-a74c-f316c2cd7818
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=fd9626f7-4265-48ae-94b2-68243605db6b
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=b1c185e9-5328-4bf7-b175-fd9d7fc64097
Microsoft Commerce Server 2002 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=9ad19d40-16ed-47ad-b907-8a48bb64c6d3
Microsoft Commerce Server 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=7d972437-f71a-4576-b5c1-a940c0824438
Microsoft Commerce Server 2009:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3879fecd-8360-4c01-b88e-d56e8570cafb
Microsoft Commerce Server 2009 R2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=ce4f9470-e2b2-417e-9015-30355e837fbb
Microsoft Host Integration Server 2004 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3dde4ef1-d41f-45b0-8660-a546cbe3fc81
Microsoft Visual FoxPro 8.0 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=0bef712a-b9e0-4ea9-98bf-68db366c8b8b
Microsoft Visual FoxPro 9.0 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=1ee09491-4871-41ca-a39c-8360d5a568d4
Visual Basic 6.0 Runtime:
https://www.microsoft.com/downloads/details.aspx?FamilyId=847ec64b-95be-463b-bdfb-969e91fe3207