Microsoft XML Core Services vulnerability could allow remote code execution
Report ID: MS201207001
Date Published: 16 July 2012
Compromise Type: remote-code-execution
Compromise From: remote
Microsoft XML Core Services 3.0
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
A vulnerability in Microsoft XML Core Services could allow a remote attacker to execute code and take control of an affected system.
Microsoft has released a security update to address a vulnerability in Microsoft XML Core Services (MSXML) that existed when attempting to access an uninitialized object in memory. Upon successful exploit, an attacker could be able to execute code in the context of a logged-on user, and take complete control of the system.
This issue has been resolved through the update, which introduced modification in the way that objects are initialized before use. Users are recommended to install the latest update to protect their system from potential exploit attempts.
NOTE: This security update addresses a 0-day vulnerability that was reported on 15 June 2012. See Microsoft XML Core Services Vulnerability.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-043)