0-Day Fixes

MICROSOFT XML CORE SERVICES VULNERABILITY

Summary

A vulnerability in Microsoft Word could, if successfully exploited, lead to remote code execution.

Detailed Description


Microsoft has reported about a vulnerability in Microsoft XML Core Services (MSXML) that affects all supported releases of Microsoft Windows, Microsoft Office 2003, and Microsoft Office 2007. The vulnerability exists when MSXML attempts to access an uninitialized object in memory, resulting in memory corruption. An attacker could take advantage of this condition to execute arbitrary code in the context of a logged-on user.

To mitigate the impact of this vulnerability, users are advised to implement some workarounds. Please refer to Microsoft Security Advisory 2719615 for complete instructions.

F-Secure detects the files taking advantage of this vulnerability as Exploit:JS/CVE-2012-1889 starting in Hydra database version 2012-06-15_02, which was released on 15 June 2012. Please allow F-Secure products to block installation of files that take advantage of this vulnerability.

CVE Reference


  • CVE-2012-1889

Detected Exploit


Detections

  • Exploit:JS/CVE-2012-1889

Databases

  • Hydra database version 2012-06-15_02

Release Dates

  • 15 June 2012

Solution


Removal/Disinfection

Allow F-Secure Internet Security or F-Secure Anti-Virus to block installation of malicious files, and to remove or disinfect malicious files if found on the system.

Original Source


Microsoft Security Advisory 2719615

SCAN & CLEAN?: YES FREE?: ABSOLUTELY

Scan and clean your PC with F-Secure's Online Scanner. The best thing is, its free!

Learn More Try Out Now!