CVE-2012-0158
Essential information
- Published
- 10/04/2012 23:55
- Modified
- 22/04/2026 23:58
- Author
- Cybersecurity and Infrastructure Security Agency
- Creator
- Cybersecurity and Infrastructure Security Agency
- CVSS
- 9.3 (v2) 8.8 HIGH (v3.1)
- CISA KEV
- Yes
- CWE
- CWE-94
- CVSS vector
-
AV:N/AC:M/Au:N/C:C/I:C/A:CCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- NETWORK
- Access complexity
- MEDIUM
- Authentication
- NONE
- Confidentiality impact
- COMPLETE
- Integrity impact
- COMPLETE
- Availability impact
- COMPLETE
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
NVD status
- NVD
- View on NVD