10Nis
MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents
Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We’d like to cover the following topics in this blog post: Limited, targeted attacks leveraging this vulnerability Mitigations in recent versions of Office to reduce the risk Extra protections to block all or specific ActiveX controls in Office documents The new Office 2010 kill bit feature Limited, targeted attacks leveraging this vulnerability