Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS12-027: Vulnerability in MSCOMCTL.OCX could allow Remote Code Execution: April 10, 2012


View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS12-027. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top


Known issues and additional information about this security update



The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.


  • 983807 MS12-027: Description of the security update for Microsoft SQL Server 2000 Analysis Services Service Pack 4 QFE: April 10, 2012
  • 983808 MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 GDR: April 10, 2012
  • 983809 MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 QFE: April 10, 2012
  • 2597112 MS12-027: Description of the security update for Microsoft Office 2003 Service Pack 3: April 10, 2012

    Known issue in security update 2597112:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2598039 MS12-027: Description of the security update for Office 2010: April 10, 2012

    Known issue in security update 2598039:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2598041 MS12-027: Description of the security update for 2007 Microsoft Office system: April 10, 2012

    Known issue in security update 2598041:
    • You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.

      To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the ".exd" file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user's profile and may also be in other locations, such as the following:
      C:\documents and settings\username\Application Data\Microsoft\Forms

      C:\documents and settings\username\AppData\Local\Temp\VBE
  • 2641426 MS12-027: Description of the security update for Visual Basic 6: April 10, 2012

    Known issue in security update 2641426:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2645025 MS12-027: Description of the security update for Microsoft BizTalk Server 2002: April 10, 2012
  • 2647488 MS12-027: Description of the security update for Fox Pro 8.0 Service Pack 1: April 10, 2012

    Known issue in security update 2647488:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2647490 MS12-027: Description of the security update for Fox Pro 9.0 Service Pack 2: April 10, 2012

    Known issue in security update 2647490:
    • You cannot remove this security update through the Add or Remove Programs item or the Programs and Features item in Control Panel.
  • 2655547 MS12-027: Description of the security update for Microsoft Commerce Server 2009: April 10, 2012
  • 2658674 MS12-027: Description of the security update for Microsoft Commerce Server 2002: April 10, 2012
  • 2658676 MS12-027: Description of the security update for Microsoft Commerce Server 2009 R2: April 10, 2012
  • 2658677 MS12-027: Description of the security update for Microsoft Commerce Server 2007: April 10, 2012

    Known issue in security update 2658677:
    • If you uninstall this security update, the version of Mscomctrl.ocx does not roll back to the original version.

↑ Back to the top


Keywords: kbsurveynew, kbfix, kbbug, kbsecvulnerability, kbsecreview, kbmustloc, kbsecurity, kbqfe, kb, kblangall, kbexpertiseinter, kbsecbulletin

↑ Back to the top

Article Info
Article ID : 2664258
Revision : 1
Created on : 1/7/2017
Published on : 5/23/2012
Exists online : False
Views : 399