1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: MS Windows Common Controls ActiveX CVE-2012-1856

Attack: MS Windows Common Controls ActiveX CVE-2012-1856

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Windows Common Controls ActiveX Control.

Additional Information

Microsoft Windows Common Control Library is used by Windows Explorer to create controls such as list view, header, tree tip, tooltip, tool bar, status bar, and more.

The application is prone to a remote code-execution vulnerability. This vulnerability is triggered when the affected ActiveX control corrupts the system state. Specifically, this issue affects the 'TabStrip' ActiveX control contained in the 'MSCOMCTL.OCX' file. The control is identified by the following CLSID:


An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.


  • Microsoft Visual Fox Pro 8/9
  • Microsoft SQL Server 2005-2008
  • Microsoft Office 2010/2007/2003
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube