We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Win32/CVE-2012-0158
Aliases: MSCOMCTL.OCX RCE Vulnerability (other)
Summary
Windows Defender detects and removes this threat.
This threat uses a vulnerability to download and run files on your PC, including other malware. It is also called the "MSCOMCTL.OCX RCE Vulnerability".
It runs if you visit a web site, use a Microsoft Office document or .rtf file (Word document), and have a vulnerable version of the following applications on your PC:
- BizTalk Server 2002 SP1
- Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold, and R2
- Microsoft Office 2003 SP3
- Microsoft Office 2003 Web Components SP3
- Microsoft Office 2007 SP2 and SP3
- Microsoft Office 2010 Gold and SP1
- SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2
- Visual Basic 6.0 Runtime
- Visual FoxPro 8.0 SP1 and 9.0 SP2
It is most often distributed through emails.
You may get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find other, hidden malware.
Update software
You should make sure your software is up to date:
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
