Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft XML Core Services vulnerability could allow remote code execution


Report ID: MS201207001
Date Published: 16 July 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0




Summary

A vulnerability in Microsoft XML Core Services could allow a remote attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security update to address a vulnerability in Microsoft XML Core Services (MSXML) that existed when attempting to access an uninitialized object in memory. Upon successful exploit, an attacker could be able to execute code in the context of a logged-on user, and take complete control of the system.

This issue has been resolved through the update, which introduced modification in the way that objects are initialized before use. Users are recommended to install the latest update to protect their system from potential exploit attempts.

 

NOTE: This security update addresses a 0-day vulnerability that was reported on 15 June 2012. See Microsoft XML Core Services Vulnerability



CVE Reference

CVE-2012-1889



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-043)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.