A vulnerability exists in the following ActiveX components of MSCOMCTL.OCX: ListView, ListView2, TreeView, and TreeView2. Vulnerable components were detected in the following software:
- MS Office [2003|2007|2010(x86)]
- SQL Server [2000|2005(x86)|2008/R2]
- BizTalk 2002
- Commerce Server [2002|2007|2009/R2]
- Visual FoxPro [8.0|9.0]
- Visual Basic 6.0

The flaw causes a stack-based buffer overflow that allows the return address to be overwritten. By exploiting this vulnerability, cybercriminals can execute arbitrary code when a specially crafted web page, Microsoft Word document, or RTF document is opened. The vulnerability was first discovered in April 2012.