CVE-2012-1856

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 15, 2012

Updated: Dec 19, 2024

Summary

CVE-2012-1856 is a remote code execution vulnerability affecting the TabStrip ActiveX control in various Microsoft and SQL Server products. The issue lies in MSCOMCTL.OCX in Microsoft Office 2003, Web Components, Office 2007, Office 2010, SQL Server 2000, 2005, 2008, Commerce Server 2002, 2007, 2009, Host Integration Server 2004, Visual FoxPro 8.0 and 9.0, and Visual Basic 6.0 Runtime. Attackers can exploit this flaw by crafting malicious documents or web pages, leading to system-state corruption and the execution of arbitrary code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft SQL Server
Microsoft Office
Microsoft Commerce Server
Microsoft Visual Basic
Visual FoxPro

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners