阿里云漏洞库

该漏洞EXP已公开传播，漏洞利用成本极低，建议您立即关注并修复。

Microsoft Windows是流行的计算机操作系统。

Microsoft Windows Common Controls的MSCOMCTL.TreeView、MSCOMCTL.ListView2、MSCOMCTL.TreeView2、MSCOMCTL.ListView控件(MSCOMCTL.OCX)中存在错误，可被利用破坏内存，导致任意代码执行。

受影响系统：

Microsoft Office 2010

Microsoft Office 2007

Microsoft Office 2003

Microsoft SQL Server 2005

Microsoft SQL Server 2000

Microsoft Commerce Server 2007

Microsoft Commerce Server 2002

Microsoft Commerce Server 2000

Microsoft Visual FoxPro 9.x

Microsoft Visual FoxPro 8.x

Microsoft已经为此发布了一个安全公告（MS12-027）以及相应补丁:

链接：http://www.microsoft.com/technet/security/bulletin/MS12-027.asp

参考链接
http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploi...
http://www.securityfocus.com/bid/52911
http://www.securitytracker.com/id?1026899
http://www.securitytracker.com/id?1026900
http://www.securitytracker.com/id?1026902
http://www.securitytracker.com/id?1026903
http://www.securitytracker.com/id?1026904
http://www.securitytracker.com/id?1026905
http://www.us-cert.gov/cas/techalerts/TA12-101A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/74372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

CWE-ID	漏洞类型
CWE-94	对生成代码的控制不恰当（代码注入）