CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)

CVE-2012-1856

Exploited

Microsoft Office - MSCOMCTL.OCX

Microsoft CVSS 8.8 Updated April 30, 2026

Executive Risk Summary

"The MSCOMCTL.OCX ActiveX control in Microsoft Office is vulnerable to remote code execution, allowing attackers to execute arbitrary code via a crafted document or web page. This vulnerability affects various Microsoft Office versions, including Office 2003, 2007, and 2010, as well as other Microsoft products such as SQL Server and Commerce Server."

Anticipated Attack Path

  1. Initial Exploitation: Attacker crafts a malicious document or web page
  2. System State Corruption: The crafted document or web page triggers system-state corruption
  3. Arbitrary Code Execution: The attacker executes arbitrary code on the vulnerable system

Am I Vulnerable?

  • Verify if Microsoft Office is installed and if the MSCOMCTL.OCX ActiveX control is present
  • Check for the presence of the vulnerability in other affected Microsoft products
  • Apply the patch from Microsoft to remediate the vulnerability

Operational Audit Arsenal

Target Type: ActiveX Control
Target Asset: MSCOMCTL.OCX
Standard Path: C:\Windows\System32\MSCOMCTL.OCX
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: MSCOMCTL.OCX (ActiveX Control)
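$Targets = 'MSCOMCTL.OCX'
# Include SysWOW64: on 64-bit Windows the 32-bit control is installed there, not in System32.
$SearchPaths = @("$env:windir\System32", "$env:windir\SysWOW64", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ -and (Test-Path $_) }   # skip locations that do not exist on this system

# List every copy found with its version, for comparison against the patched version from Microsoft.
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}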

Patch Impact Forecast

Reboot Required: Likely

Minimal to Moderate

Internal Work Notes

A vulnerability in the Microsoft Office MSCOMCTL.OCX ActiveX control allows remote code execution; patching is required to prevent exploitation.

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.