CVE-2012-1856
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
72.1%
p99
KEV
YES
Mar 3, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
72.1%EPSS · 30 days72.1%
2026-06-302026-07-16
Product
Microsoft / Office
Vulnerability
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
Added to KEV
Mar 3, 2022
Remediate by
Mar 24, 2022
Known ransomware use
No
Summary description
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-1856
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2017-11882—100.0%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2023-23397—99.9%
KEV—80Microsoft Office Outlook Privilege Escalation Vulnerability—CVE-2018-0798—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2015-1641—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2018-0802—99.8%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2010-3333—99.8%
KEV—80Microsoft Office Stack-based Buffer Overflow Vulnerability—