MS12-027: Vulnerability in MSCOMCTL.OCX could allow Remote Code Execution: April 10, 2012

<html><body><p>Resolves a vulnerability in MSCOMCTL.OCX could allow Remote Code Execution. This was released on April 10, 2012.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS12-027. To view the complete security bulletin, visit one of the following Microsoft websites: <ul><li>Home users:<div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201204.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201204.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<div><a href=“http://technet.microsoft.com/security/bulletin/ms12-027” target=“_self”>http://technet.microsoft.com/security/bulletin/MS12-027</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates: <a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2></h2><div><h3>Known issues and additional information about this security update</h3> <br /><br /> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><br /><br /><ul><li><a href=“https://support.microsoft.com/en-us/help/983807”>983807 </a> MS12-027: Description of the security update for Microsoft SQL Server 2000 Analysis Services Service Pack 4 QFE: April 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/983808”>983808 </a> MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 GDR: April 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/983809”>983809 </a> MS12-027: Description of the security update for Microsoft SQL Server 2000 Service Pack 4 QFE: April 10, 2012 </li><li><a href=“https://support.microsoft.com/en-us/help/2597112”>2597112 </a> MS12-027: Description of the security update for Microsoft Office 2003 Service Pack 3: April 10, 2012<br /><br />Known issue in security update 2597112:<ul><li>You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.<br /><br />To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the “.exd” file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user’s profile and may also be in other locations, such as the following: <div>C:\documents and settings\username\Application Data\Microsoft\Forms<br /><br />C:\documents and settings\username\AppData\Local\Temp\VBE</div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2598039”>2598039 </a> MS12-027: Description of the security update for Office 2010: April 10, 2012 <br /><br />Known issue in security update 2598039:<ul><li>You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.<br /><br />To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the “.exd” file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user’s profile and may also be in other locations, such as the following: <div>C:\documents and settings\username\Application Data\Microsoft\Forms<br /><br />C:\documents and settings\username\AppData\Local\Temp\VBE</div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2598041”>2598041 </a> MS12-027: Description of the security update for 2007 Microsoft Office system: April 10, 2012<br /><br />Known issue in security update 2598041:<ul><li>You install this security update on a computer that has a third-party software solution installed. The software solution is based on Microsoft Visual Basic for Applications (VBA). The software solution creates an instance of the control directly through Microsoft Office. In this scenario, the control may not load in your solution.<br /><br />To resolve this issue, you must delete the cached versions of the control type libraries (extender files) on the client computer. To do this, you must search your hard disk for files that have the “.exd” file name extension and delete all the .exd files that you find. These .exd files will be re-created automatically when you use the new controls the next time that you use VBA. These extender files will be under the user’s profile and may also be in other locations, such as the following: <div>C:\documents and settings\username\Application Data\Microsoft\Forms<br /><br />C:\documents and settings\username\AppData\Local\Temp\VBE</div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2641426”>2641426 </a> MS12-027: Description of the security update for Visual Basic 6: April 10, 2012<br /><br />Known issue in security update 2641426:<ul><li>You cannot remove this security update through the <strong>Add or Remove Programs</strong> item or the <strong>Programs and Features</strong> item in Control Panel.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2645025”>2645025 </a> MS12-027: Description of the security update for Microsoft BizTalk Server 2002: April 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2647488”>2647488 </a> MS12-027: Description of the security update for Fox Pro 8.0 Service Pack 1: April 10, 2012<br /><br />Known issue in security update 2647488:<ul><li>You cannot remove this security update through the <strong><span>Add or Remove Programs</span></strong> item or the <strong><span>Programs and Features</span></strong> item in Control Panel.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2647490”>2647490 </a> MS12-027: Description of the security update for Fox Pro 9.0 Service Pack 2: April 10, 2012<br /><br />Known issue in security update 2647490:<ul><li>You cannot remove this security update through the <strong>Add or Remove Programs</strong> item or the <strong>Programs and Features</strong> item in Control Panel.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2655547”>2655547 </a> MS12-027: Description of the security update for Microsoft Commerce Server 2009: April 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2658674”>2658674 </a> MS12-027: Description of the security update for Microsoft Commerce Server 2002: April 10, 2012 </li><li><a href=“https://support.microsoft.com/en-us/help/2658676”>2658676 </a> MS12-027: Description of the security update for Microsoft Commerce Server 2009 R2: April 10, 2012</li><li><a href=“https://support.microsoft.com/en-us/help/2658677”>2658677 </a> MS12-027: Description of the security update for Microsoft Commerce Server 2007: April 10, 2012<br /><br />Known issue in security update 2658677:<ul><li>If you uninstall this security update, the version of Mscomctrl.ocx does not roll back to the original version.</li></ul></li></ul></div></body></html>