CVE-2012-0158

Vulnerability updated 23 days ago (2024-11-29T14:00:46.499Z)
CVE-2012-0158 is a software vulnerability, first exploited in 2012, that results from a flaw in the design or implementation of the Microsoft Windows Common Controls ActiveX control. It was primarily exploited through the parsing of Rich Text Format (.rtf) files and allowed attackers to execute code remotely. The vulnerability was later patched, but not before it was used in several notable cyberattacks.

One of these attacks occurred in 2013, when Chinese political rights activists were targeted in a spear-phishing attack. The attackers exploited CVE-2012-0158 to drop a benign executable from an Office 2003 Service Pack 2 update, which was then manipulated to load a malicious DLL. This technique has been documented since at least 2013, demonstrating the long-term risks associated with such vulnerabilities.

The LOWBALL malware was also delivered by exploiting this vulnerability. In a spear-phishing campaign, three attachments were sent via email, each exploiting CVE-2012-0158. The filenames were "使命公民運動 我們的異象.doc", "新聞稿及公佈.doc", and "(代發)[采訪通知]港大校友關注組遞信行動.doc". In all cases the payload was the same: a backdoor known as LOWBALL, which uses the Dropbox cloud-storage service as its command-and-control (CnC) server.

These incidents highlight the persistent threat posed by software vulnerabilities, even after they have been identified and patched.
Description last updated: 2024-09-25T13:16:24.672Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Windows
Phishing
Exploit
exploited
Associated Malware
Alias | Description | Association Type | Votes
LOWBALL | The LOWBALL Malware is associated with CVE-2012-0158. Lowball is a type of malware, or malicious software, designed to exploit and damage computer systems. It was potentially utilized by a China-based cyber threat group, known as "admin@338" in some circles, which FireEye tracks as an uncategorized advanced persistent threat (APT) group. The group used | Unspecified | 2
Source Document References
Information about the CVE-2012-0158 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
3 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago
MITRE
2 years ago