{"api_version":"1","generated_at":"2026-04-23T13:49:57+00:00","cve":"CVE-2012-1856","urls":{"html":"https://cve.report/CVE-2012-1856","api":"https://cve.report/api/cve/CVE-2012-1856.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-1856","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-1856"},"summary":{"title":"CVE-2012-1856","description":"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2012-08-15 01:55:01","updated_at":"2026-04-22 16:48:51"},"problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.us-cert.gov/cas/techalerts/TA12-227A.html","name":"http://www.us-cert.gov/cas/techalerts/TA12-227A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"US-CERT Alert TA12-227A - Microsoft Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1856","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1856","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS12-060 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/54948","name":"http://www.securityfocus.com/bid/54948","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-1856","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1856","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-03-03T00:00:00.000Z","lang":"en","value":"CVE-2012-1856 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"commerce_server","cpe6":"2002","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"commerce_server","cpe6":"2007","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"commerce_server","cpe6":"2009","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"commerce_server","cpe6":"2009","cpe7":"r2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"host_integration_server","cpe6":"2004","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2007","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2007","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office","cpe6":"2010","cpe7":"sp1","cpe8":"x86","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"office_web_components","cpe6":"2003","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2000","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2000","cpe7":"sp4","cpe8":"analysis_services","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2005","cpe7":"sp3","cpe8":"express_advanced_services","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2005","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2008","cpe7":"r2_sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2008","cpe7":"r2_sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2008","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2008","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_basic","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_foxpro","cpe6":"8.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"1856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"visual_foxpro","cpe6":"9.0","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2012","cve_id":"1856","cve":"CVE-2012-1856","vendorProject":"Microsoft","product":"Office","vulnerabilityName":"Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability","dateAdded":"2022-03-03","shortDescription":"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-03-24","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2012-1856","cwes":"CWE-94","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2012","cve_id":"1856","cve":"CVE-2012-1856","epss":"0.915520000","percentile":"0.996780000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T19:08:38.625Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"MS12-060","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060"},{"name":"oval:org.mitre.oval:def:15447","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447"},{"name":"TA12-227A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA12-227A.html"},{"name":"54948","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/54948"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2012-1856","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-10T19:22:38.201324Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-03-03","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1856"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"description":"CWE-noinfo Not enough information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:46.865Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-1856"}],"timeline":[{"lang":"en","time":"2022-03-03T00:00:00.000Z","value":"CVE-2012-1856 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-08-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-11-07T10:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"MS12-060","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060"},{"name":"oval:org.mitre.oval:def:15447","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447"},{"name":"TA12-227A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA12-227A.html"},{"name":"54948","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/54948"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2012-1856","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MS12-060","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060"},{"name":"oval:org.mitre.oval:def:15447","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447"},{"name":"TA12-227A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA12-227A.html"},{"name":"54948","refsource":"BID","url":"http://www.securityfocus.com/bid/54948"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2012-1856","datePublished":"2012-08-15T01:00:00.000Z","dateReserved":"2012-03-22T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:46.865Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-08-15 01:55:01","lastModifiedDate":"2026-04-22 16:48:51","problem_types":["NVD-CWE-noinfo","n/a","CWE-noinfo Not enough information"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:commerce_server:2002:sp4:*:*:*:*:*:*","matchCriteriaId":"707A0633-6324-4D85-AF73-CEB2205D836B"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:commerce_server:2007:sp2:*:*:*:*:*:*","matchCriteriaId":"206FBC72-5535-46F3-B5B8-2FC765C382B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:commerce_server:2009:*:*:*:*:*:*:*","matchCriteriaId":"39CC1FE4-69DC-4F7D-B0C1-E1B074B2908F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:commerce_server:2009:r2:*:*:*:*:*:*","matchCriteriaId":"7CC3C563-408F-487B-8D0F-FDEB1D39B2B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:host_integration_server:2004:sp1:*:*:*:*:*:*","matchCriteriaId":"9FA8CF8C-19D9-48AC-B46C-101D9179E3A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*","matchCriteriaId":"08AF794A-435D-4171-9DBB-EB7FAED96DBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*","matchCriteriaId":"FEECD12A-5BEF-4675-B62E-86CF4A7474D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office:2010:sp1:x86:*:*:*:*:*","matchCriteriaId":"8383FADC-9391-4570-AAF9-92A952A4F04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*","matchCriteriaId":"0A9C5BA7-0ECB-4101-9DAD-ECAA42C9E0A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*","matchCriteriaId":"A7A5116E-BD37-4539-B815-F1B70EC4D45D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2000:sp4:analysis_services:*:*:*:*:*","matchCriteriaId":"6A74FD84-90B6-41DF-B7E2-8774A8F1ADA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*","matchCriteriaId":"CF6E4324-61CD-497F-ACCD-50D253DE291A"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*","matchCriteriaId":"253CC41C-5DE2-4D76-8E69-13EF53FD256D"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2008:r2_sp1:*:*:*:*:*:*","matchCriteriaId":"CF051B57-99E0-4637-9F0F-B82596DD6505"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:*:*:*:*:*:*","matchCriteriaId":"CDC7BAB6-6166-41A2-9D86-CE31645261AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2008:sp2:*:*:*:*:*:*","matchCriteriaId":"1E28EA71-C7EF-4FCD-94C5-521C87F39405"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sql_server:2008:sp3:*:*:*:*:*:*","matchCriteriaId":"BFC56295-63BF-4EA7-99B5-0B8D019C1432"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_basic:6.0:*:*:*:*:*:*:*","matchCriteriaId":"42D281B3-B2E0-4E36-B1BD-83865AE4B3C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*","matchCriteriaId":"E5DE8B76-FA09-4EA2-9535-758C56C4C099"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*","matchCriteriaId":"5E711CC3-9094-4C54-A794-9C7A3E7F4AFA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"1856","Ordinal":"1","Title":"CVE-2012-1856","CVE":"CVE-2012-1856","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"1856","Ordinal":"1","NoteData":"The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\"","Type":"Description","Title":"CVE-2012-1856"},{"CveYear":"2012","CveId":"1856","Ordinal":"2","NoteData":"2012-08-14","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"1856","Ordinal":"3","NoteData":"2018-11-07","Type":"Other","Title":"Modified"}]}}}