#VU3883 Stack-based buffer overflow in Microsoft products - CVE-2012-0158
Published: January 10, 2017 / Updated: November 20, 2020
Vulnerability identifier: #VU3883
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2012-0158
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Microsoft Visual Basic
Microsoft Visual FoxPro
Microsoft Office
Microsoft SQL Server
Microsoft BizTalk Server
Microsoft Commerce Server
Microsoft Visual Basic
Microsoft Visual FoxPro
Microsoft Office
Microsoft SQL Server
Microsoft BizTalk Server
Microsoft Commerce Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to stack-based buffer overflow in MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to stack-based buffer overflow in MSCOMCTL.OCX ActiveX control. A remote attacker can create a specially crafted Web page that passes an overly long string argument, trick the victim into viewing it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website:
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft Office 2003 Web Components Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft Office 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft Office 2007 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft Office 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=23c9d7bf-c9e0-4e01-8b66-da542332a28b
Microsoft Office 2010 Service Pack 1 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=23c9d7bf-c9e0-4e01-8b66-da542332a28b
Microsoft SQL Server 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=2a9d97e8-79e0-4997-88fe-1224707e1b37
Microsoft SQL Server 2000 Analysis Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=198f1819-818b-4b2e-a424-4a45729746eb
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft BizTalk Server 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d90b78d2-551b-499b-9bd2-85b40646dbc7
Microsoft Commerce Server 2002 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=35de8833-50ae-482d-aa07-497bf68fb38e
Microsoft Commerce Server 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3f04fb90-8f11-4392-a4bc-800903091f04
Microsoft Commerce Server 2009:
https://www.microsoft.com/downloads/details.aspx?FamilyId=a8998b6b-e9a4-457e-a34f-0458dda81f2f
Microsoft Commerce Server 2009 R2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=e9221811-8913-412b-ae04-21a55ce7c4c5
Microsoft Visual FoxPro 8.0 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3a7ff474-f1e0-4c86-9555-64e8e7357890
Microsoft Visual FoxPro 9.0 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=53c0132e-7724-4e94-abe9-e79b76ce35d7
Visual Basic 6.0 Runtime:
https://www.microsoft.com/downloads/details.aspx?FamilyId=0afe933a-1e62-45c4-910c-ea94b203df5a
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft Office 2003 Web Components Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft Office 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft Office 2007 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft Office 2010 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=23c9d7bf-c9e0-4e01-8b66-da542332a28b
Microsoft Office 2010 Service Pack 1 (32-bit editions):
https://www.microsoft.com/downloads/details.aspx?FamilyId=23c9d7bf-c9e0-4e01-8b66-da542332a28b
Microsoft SQL Server 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=2a9d97e8-79e0-4997-88fe-1224707e1b37
Microsoft SQL Server 2000 Analysis Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=198f1819-818b-4b2e-a424-4a45729746eb
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for Itanium-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2005 for x64-based Systems Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d0d34b4f-4bcd-4df7-8ebc-87367e889959
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=17294713-5c03-4439-bcae-471e9b1e1ac9
Microsoft BizTalk Server 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=d90b78d2-551b-499b-9bd2-85b40646dbc7
Microsoft Commerce Server 2002 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=35de8833-50ae-482d-aa07-497bf68fb38e
Microsoft Commerce Server 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3f04fb90-8f11-4392-a4bc-800903091f04
Microsoft Commerce Server 2009:
https://www.microsoft.com/downloads/details.aspx?FamilyId=a8998b6b-e9a4-457e-a34f-0458dda81f2f
Microsoft Commerce Server 2009 R2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=e9221811-8913-412b-ae04-21a55ce7c4c5
Microsoft Visual FoxPro 8.0 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3a7ff474-f1e0-4c86-9555-64e8e7357890
Microsoft Visual FoxPro 9.0 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?FamilyId=53c0132e-7724-4e94-abe9-e79b76ce35d7
Visual Basic 6.0 Runtime:
https://www.microsoft.com/downloads/details.aspx?FamilyId=0afe933a-1e62-45c4-910c-ea94b203df5a