FYI...
Microsoft Security Bulletin MS12-027 - Critical
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
- https://technet.microsoft.com/en-us/...letin/ms12-027
• V2.0 (April 26, 2012): Added SP1 versions of SQL Server 2008 R2 to the Affected Software and added an entry to the update FAQ to explain which SQL Server 2000 update to use based on version ranges. These are informational changes only. There were no changes to the security update files or detection logic. For a complete list of changes, see the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update.
MS12-027
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0158 - 9.3 (HIGH)
Last revised: 04/12/2012
CVE-2012-0158 Exploit in the Wild
- https://blogs.mcafee.com/mcafee-labs...it-in-the-wild
April 23, 2012 - "... many specially crafted files exploiting CVE-2012-0158, a vulnerability in MSCOMCTL.OCX in Microsoft Office and some other Microsoft products. This exploit can be implemented in a variety of file formats, including RTF, Word, and Excel files. We have already found crafted RTF and Word files in the wild. In the malicious RTF, a vulnerable OLE file is embedded with \object and \objocx tags... always exercise caution when opening unsolicited emails..."