Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

NVD

Known Exploited Vulnerability

CVE-2012-1856, Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

The following remediation steps are recommended / required by March 24, 2022: Apply updates per vendor instructions.