MS12-027: Vulnerability in MSCOMCTL.OCX could allow Remote Code Execution: April 10, 2012

Article translations Article translations
Article ID: 2664258 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS12-027. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Known issues and additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.
  • 983807 MS12-027: Description of the security update for Microsoft SQL Server 2000 Analysis Services Service Pack 4 QFE: April 10, 2012
  • 983808 MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 GDR: April 10, 2012
  • 983809 MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 QFE: April 10, 2012
  • 2597112 MS12-027: Description of the security update for Microsoft Office 2003 Service Pack 3: April 10, 2012

    Known issue in security update 2597112:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2598039 MS12-027: Description of the security update for Office 2010: April 10, 2012

    Known issue in security update 2598039:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2598041 MS12-027: Description of the security update for 2007 Microsoft Office system: April 10, 2012

    Known issue in security update 2598041:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2641426 MS12-027: Description of the security update for Visual Basic 6: April 10, 2012

    Known issue in security update 2641426:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2645025 MS12-027: Description of the security update for Microsoft BizTalk Server 2002: April 10, 2012
  • 2647488 MS12-027: Description of the security update for Fox Pro 8.0 Service Pack 1: April 10, 2012

    Known issue in security update 2647488:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2647490 MS12-027: Description of the security update for Fox Pro 9.0 Service Pack 2: April 10, 2012

    Known issue in security update 2647490:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2655547 MS12-027: Description of the security update for Microsoft Commerce Server 2009: April 10, 2012
  • 2658674 MS12-027: Description of the security update for Microsoft Commerce Server 2002: April 10, 2012
  • 2658676 MS12-027: Description of the security update for Microsoft Commerce Server 2009 R2: April 10, 2012
  • 2658677 MS12-027: Description of the security update for Microsoft Commerce Server 2007: April 10, 2012

    Known issue in security update 2658677:
    • If you uninstall this security update, the version of Mscomctrl.ocx does not roll back to the original version.

Properties

Article ID: 2664258 - Last Review: May 23, 2012 - Revision: 2.0
APPLIES TO
  • Microsoft SQL Server 2000 Analysis Services Service Pack 4
  • Microsoft SQL Server 2000 Analysis Services
  • Microsoft SQL Server 2000 Developer Edition
  • Microsoft SQL Server 2000 Enterprise Edition
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft Works Suite 2006
  • Microsoft Visual Basic 6.0 Enterprise Edition
  • Microsoft Visual Basic 6.0 Professional Edition
  • Microsoft Visual Basic 6.0 Standard Edition
  • Microsoft BizTalk Server 2002 Developer Edition
  • Microsoft BizTalk Server 2002 Enterprise Edition
  • Microsoft BizTalk Server 2002 Partner Edition
  • Microsoft BizTalk Server 2002 Standard Edition
  • Microsoft Visual FoxPro 8.0 Professional Edition
  • Microsoft Visual FoxPro 9.0 Professional Edition
  • Microsoft Visual FoxPro 9.0 Service Pack 2
  • Microsoft Commerce Server 2002 Developer Edition
  • Microsoft Commerce Server 2002 Enterprise Edition
  • Microsoft Commerce Server 2002 Standard Edition
  • Microsoft Commerce Server 2007 Developer Edition
  • Microsoft Commerce Server 2007 Enterprise Edition
  • Microsoft Commerce Server 2007 Standard Edition
  • Microsoft Commerce Server 2009 Enterprise
  • Microsoft Commerce Server 2009 Standard
  • Microsoft Commerce Server 2009 R2 Enterprise
  • Microsoft Commerce Server 2009 R2 Standard
Keywords: 
kbexpertiseinter kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbsurveynew KB2664258

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com