CVE-2012-1856
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
72.1%
p99
KEV
SÍ
3 mar 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
72.1%EPSS · 30 días72.1%
2026-06-302026-07-16
Producto
Microsoft / Office
Vulnerabilidad
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
Añadido a KEV
3 mar 2022
Remediar antes de
24 mar 2022
Uso conocido en ransomware
No
Descripción resumida
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2012-1856
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2017-11882—100.0%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2023-23397—99.9%
KEV—80Microsoft Office Outlook Privilege Escalation Vulnerability—CVE-2018-0798—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2015-1641—99.9%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2018-0802—99.8%
KEV—80Microsoft Office Memory Corruption Vulnerability—CVE-2010-3333—99.8%
KEV—80Microsoft Office Stack-based Buffer Overflow Vulnerability—