Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at





Home > Success Center > Network Performance Monitor (NPM) > Microsoft Security Bulletin: Remote code execution vulnerability in Windows Common Controls

Microsoft Security Bulletin: Remote code execution vulnerability in Windows Common Controls

Table of contents


Microsoft has released a critical security bulletin. "Microsoft Security Bulletin MS12-027" addresses a vulnerability in Windows Common Controls that could permit remotely executed code. Specifically, the vulnerable file is mscomctl.OCX, located by default in C:\Windows\SysWOW64\.

From the Executive Summary:

This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.

This security update is rated Critical for all supported Microsoft software that included the Windows common controls in their default installations. This includes all supported editions of Microsoft Office 2003, Microsoft Office 2007; Microsoft Office 2010 (except x64-based editions); Microsoft SQL Server 2000 Analysis Services, Microsoft SQL Server 2000 (except Itanium-based editions), Microsoft SQL Server 2005 (except Microsoft SQL Server 2005 Express Edition, but including Microsoft SQL Server 2005 Express Edition with Advanced Services), Microsoft SQL Server 2008, Microsoft SQL Server 2008 R2, Microsoft BizTalk Server 2002, Microsoft Commerce Server 2002, Microsoft Commerce Server 2007, Microsoft Commerce Server 2009, Microsoft Commerce Server 2009 R2, Microsoft Visual FoxPro 8.0, Microsoft Visual FoxPro 9.0, and Visual Basic 6.0 Runtime. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by disabling the vulnerable version of the Windows common controls and replacing it with a new version that does not contain the vulnerability...


The easiest way to resolve this issue is to apply the Microsoft Update, as suggested in Microsoft Security Bulletin MS12-027. As SolarWinds products are updated, the version of this file that SolarWinds products use will also be updated.

This article applies to all SolarWinds products installed on Microsoft operating systems.

Last modified
13:47, 13 Nov 2015